Genius Guide

A comprehensive masterclass to
becoming an instant expert

Welcome to 

Linux & 
Open Source 

In an age where most people are carrying a fully-functioning computer and 
matching operating system in their pocket (if not on their wrist, with the 
advent of wearable technology), it's easy to forget the fun that can be had 
with editing and customising your own system. Linux and other open source 
software packages can give you an exhilarating sense of freedom in making 
your computer your own, no matter what you use it for. In this Genius Guide, 
you’ll learn advanced tips for how to get the most out of the latest distros, 
and find projects to try out. We reveal how to get faster, better servers, and 
show you how to triple boot your system. Whether you’re looking for useful
hacks like using the web from the terminal, or want something more
technical like signal handling or code analysis, we have everything you need
to become a Linux and open source expert in no time at all.

“An everyday distro is quite a broad thing;
in this context we mean the kind of OS
you can use for just about anything”

Everyday


Is this the year of Linux? Or is it the year we 
stop claiming that? Either way, there are 
already plenty of choices for your day-to-day 

Elementary OS 

An everyday distro is quite a broad 
thing; in this context we mean 
the kind of operating system you 
can use for just about anything
and everything without really 
specialising in one specific area. Something that’s 
easy to use and its supplied tools aid your use of it. 

This is exactly the point where elementaryOS comes 
in. Aiming to be easy to use for people of all skill levels, 
elementaryOS is a beautifully designed distro that 
has had a lot of care put into it. Using an Ubuntu LTS 
as a base and cribbing from a lot of existing design 
decisions, elementaryOS is hardly a completely 
original Linux distribution. 

What makes elementaryOS unique is its use of
these design aspects and design decisions, putting
together a wholly new desktop and distro experience
that you can’t find anywhere else without some
serious customisations on the user’s part. It’s the
best of every world for people who prefer using a
fully-featured graphical desktop, and it works extremely well
on new and modern systems.

■ Elements like the dock and
window styling will look familiar

■ The simple, searchable applications menu
takes design cues from mobile operating systems

The wording on the website is inclusive and friendly 
to newcomers as well - not once is there mention of 
Linux or distribution, instead using wording familiar 
to everyone and rightfully referring to elementaryOS 
as a whole as an operating system. This kind of 
friendliness and familiarity is translated to the 
desktop, from a simple dock bar that grants access to 
important programs from the moment you start using 
it to an applications menu reminiscent of modern 
smartphone design. 

The stable Ubuntu base also grants access to an 
unprecedented level of packages and other desktop 
types if you want something a little different to 
elementary’s offering. It’s a great first distro for people 
who want to make the switch to Linux as well. 


Mint would have taken this
category by storm once
upon a time due to excellent design
over two fantastic desktops on top of
an excellent distro.

Ubuntu

Ubuntu is probably the
most popular distro in
the world, or at least the
most well-known, which
means a lot of software supports it and


Mageia

Mageia is a very user-friendly
spin on the Mandriva family with
some excellent apps for
controlling just about every aspect
of the distro along with other smart
design choices. It’s been brought back
into Mandriva but is still great.



LibreOffice 

The office suite
that has far
superseded
its originator,
LibreOffice can handle
all your word processing,
spreadsheeting and
presentation needs extremely
well with a selection of
excellent software.


Firefox

Once again
the king of the
browsers, with
half a billion users
around the world, Firefox has
privacy and customisability
in mind with its design. Due to
some excellent cross-platform
tools, you can use it wherever
you want.


Thunderbird 

The email
counterpart
to Firefox has
remained a very
strong email client on any
operating system for a long
time. With a great range of
add-ons and extensions, you can
have it work exactly as you'd

Cinnamon 

The desktop environment 
originally made for Linux 
Mint, Cinnamon uses a more 
traditional desktop layout 
and a lot of common sense 
design choices and workflow 
methods that make the most 
of modern tech and traditional 
ideas. It’s an improvement on 
many default desktops. 


Shotwell 

Excellent photo
management
software used
by a lot of distros
by default, it even has some
basic support for RAWs. You
can perform batch operations
to tweak colours and lighting,
or just organise photos into
specific tags.

BEST DISTRO FOR...

Lightweight 


A lighter Linux distro can help you get the 
most out of an older or underpowered system 
by using relatively fewer resources 

Lubuntu 



You can define lightweight in a
number of ways these days. While
the graphical software part of
a distro itself can be the most
resource intensive, the core kernel
and behind-the-scenes packages can also take
power away from CPU cycles. While Lubuntu and
other normal Linux distros running LXDE don’t do
much to the core of their operation, merely running the
desktop itself can be a huge relief on some systems.

That's why we're awarding Lubuntu this prestigious
prize. While we’re not the biggest fans of Unity, the
distribution underneath the desktop environment is
an incredibly solid and relatively easy-to-use system
that a good desktop environment can really make
the most of. LXDE is not only extremely light - it uses
78 MB of RAM compared to XFCE’s 89 MB - it’s also
(very importantly) as fully-featured as most modern
desktops. Add this to Ubuntu’s impressive software
and packages and you’ve got a lightweight distro that
doesn’t sacrifice any usability and still has access to all
your favourite software.

■ Lubuntu has an excellent Software Centre to
make package downloads easier


wattOS

A very lightweight
and speedy operating
system that aims to
do two things: boot to
desktop very fast and also save you
electricity, either plugged in or on
the battery. It does both of these


Puppy Linux lets you teach
an old dog new tricks - it’s
specifically designed
for older systems and is
tely resource friendly. It can live

As for lightweight software, Lubuntu comes with 
quite a different selection of default apps compared to 
its vanilla counterpart. A smattering of the basics such 
as Firefox, Pidgin and Abiword are all you’re presented 
with. It’s enough to get you started and thanks to 
access to the full Ubuntu repos you can then start 
building up your system with some of the excellent and 
lightweight apps that Linux is known for. 

It’s definitely not the lightest distro around but 
it’s certainly the best distro that comes under the 
lightweight banner.

Audacious

Very lightweight
and very fast,
Audacious is
definitely the
best audio player for those on
a resource budget. It hooks
into notification centres
of most major desktops as
well, allowing you to control
it better.


Midori 

Midori teeters
on the edge of
being just a bit
too lightweight

its peers, but it managed
to maintain a number of
excellent features to make
browsing the Internet with it
acceptable in 2015.


CMPlayer 

A lightweight
video player that
still has a fairly
decent interface
and no need for mucking
around in the command
line, it will play all the media
you need as long as you
have the right codecs and
backends installed.


Geany

A text editor with
IDE features
that is popular
among those
with a few small projects on
the go. It’s easy enough to
switch between the two types,
meaning you can use it for your
day-to-day text editing before
going full developer.


Enlightenment

A window manager
or full desktop
environment,
Enlightenment
is an incredibly flexible and
lightweight framework loved
by hardcore users. It’s rarely
used as a default desktop, but
give it a go if you’re on the hunt
for something different.

BEST DISTRO FOR...

Entertainment 

Here are your best distros for making custom 
systems to play all your media, either on a TV 
or just for better navigation while at your desk 

OpenELEC 




When it comes to media and
other forms of entertainment
consumption via computers, one
of the most recognisable names
in existence is XBMC. Very likely
because of its quite redundant legacy naming, it’s
unfortunately dropping the well-known branding in
favour of new name Kodi. What’s this all got to do with
entertainment distros though?

Well the devs behind Kodi also make the excellent
OpenELEC, a Linux distro optimised for a number of
different hardware types to offer the best possible
Kodi experience. Not only does it work on specialist
hardware such as the Raspberry Pi, Apple TV and
some other hardware ideal as HTPCs, but you can
also get generic PC builds for x86 and x64 systems.



■ OpenELEC claims to set up 
your media box in 15 minutes 


■ There are some customisations you can make, 
as well as add-ons to install 


OpenELEC takes up only a tiny amount of your file 
system while still offering a full version of Kodi. This 
means you can use any remaining storage to keep 
media local, such as your party playlist, if that’s your 
kind of thing, however you can still stream your media 
from any other computer set up to share it. Setting up 
these shared folders in Kodi is quick and simple, and it 
even scrapes together information on the files to make 
navigation easier. 

There are also plenty of add-ons that allow you to
stream media for many online video sources, as well as
recently-added native Live TV viewing and recording -
the latter being a better use for your hard drive space.

For both TV and PC, this is an excellent way to 
consume media in almost any situation, with plenty of 
codecs and online features. 


OpenELEC that gives you
a little more choice for
how you set up a HTPC. It
ad any new development for


Ubuntu

When it comes to being

Ubuntu’s strength is its
supreme list of packages.
You can set up XBMC/Kodi, Plex, Myth
or just plain video and music players on
Ubuntu of any type.


way for you to actually
create audio and video yourself,
thanks to a custom kernel and great
package selection on a live CD or live

[Score chart: customisation, community, packages, performance, installation, hardware support]


Kodi 

Previously
XBMC, Kodi
Entertainment
Center is the
premier media PC software
around. It’s the software
behind OpenELEC and it can
be used for simple music and
video playback, or streaming
services and recording live TV.


VLC 

An extremely
powerful yet small
piece of software
that can not only
play just about any form of
media, but also send, receive
and record network streams.
It’s very customisable and easy
to use even if you don’t want to
stream your desktop.


The most fully- 
featured audio 
player around, with 
incredible library 
and playlist management and 
an excellent interface to boot. 

It also has a smart playlist 
that will build itself on the fly,
however it doesn’t run well on 
older systems. 


One of the

problems we 
have found with 
browser-based 
streaming is that we cannot 
control playback with media 
keys or hotkeys. Nuvola allows 
you to keep all your streaming 
audio in one place and, more 
importantly, control it. 


GIMP 

The powerful
image manipulator
that is probably
the best open
source has to offer, GIMP can
even challenge Photoshop
thanks to its array of excellent
features and tools - it even has
a more straightforward naming
convention in places.

BEST DISTRO FOR...

Development 


With Linux proving a popular platform for 
development work, which is the best of the 
bunch for getting your code on? 

Arch Linux 



as distraction-free as possible and
offers a good balance between the
performance and flexibility of Arch and
the shallow learning curve of Ubuntu.


Arch has never been a distribution to 
pander to the common denominator. 

While its contemporaries add user- 
friendly wizards and hand-holding 
installation packages, Arch dumps 
the newcomer to a console session and leaves them 
adrift with little more than a Wiki page for company.
For beginners, simply getting Arch installed can seem 
like a major achievement - but beginners are most 
certainly not Arch’s target market. 

Once it’s installed, Arch reveals its true potential.
It allows the more technical user to install only
the packages required for day-to-day work for
guaranteed zero bloat, with all the benefits to
performance, stability and your ability to concentrate
that this implies. Tweaking your Arch install can
become obsessive, but once it’s set up to your liking
you can expect a smooth ride.

Arch is certainly not a distribution for beginners, but 
those with Linux experience will find plenty to like about 
it. It has an active community, albeit one which can be 
unwelcoming to beginners, boasts a great package 
selection for even some of the more esoteric tools in a 
developer's arsenal, and promises to provide an easily- 
customised environment tailored specifically to your 
individual needs. 

A rolling-release development methodology means 
that while installation may be painful it’s a one-off 
experience, and users are guaranteed to be working on 
the latest available tools and resources. Tl 
reason Arch and its derivatives are popular among 
Linux kernel developers as well as those who write 
software for other platforms. 

Finally, Arch has an ace up its sleeve for those 
targeting Arch itself with their creations: the Arch Build 
System. Designed specifically for Linux developers, 
the ABS offers the ability to create, customise and 
distribute packages into Arch which are built directly 
from source. Based heavily on the BSD ports system, 
ABS offers automation for tasks other distributions 
require developers to perform by hand. 


dubbed Portage, and a
ise system ensuring users install
itest packages compiled from
ce with per-distro optimisations.

Eclipse

It might lack
compatibility with
the GNU General
Public Licence, but
the Eclipse Public Licensed
Eclipse IDE is a powerful tool.
Based on IBM’s Visual Age,
it supports most common
programming languages you’ll
be working with.


VirtualBox 

While the 
GPL-licensed 
VirtualBox OSE 
build only provides 
virtualised USB 1.1 support, its 
other features make it a great 
way to run alternative operating 
systems on top of userspace 
Linux; ideal for testing your
code on other platforms. 


Git 

Born of a copyright

surrounded
BitKeeper, Git is
the distributed revision control
system of choice for kernel
developers. It allows for easy
collaborative working with
plenty of ways to track bugs


added ii 


Vim/EMACS 

Did you really think we were
going to get involved in this
debate? A good text editor
is the programmer’s best 
tool, but we’re staying on the 
fence with this one. Whether 
you’re an acolyte of Stallman 
and Steele or a proselyte for 
Moolenaar, use whichever of 
these works for you. 


GNU Debugger 

The standard 
debugger for 
GNU/Linux, GDB’s 
capabilities 
extend beyond the obvious 
with support for programming 
languages ranging from Free
Pascal and Ada through to
Objective-C and Java. We
recommend giving it a try.

Enterprise

For companies, Linux can significantly reduce
the total cost of IT infrastructure, but which
distribution stands out?

SUSE Linux Enterprise Desktop/Server

When it comes to desktop Linux
distributions for the enterprise
crowd, there are two names that go
toe-to-toe: SUSE and Red Hat. Both
offer distributions for the desktop
and server specifically marketed as ‘Enterprise Linux’,
and both back up their offerings with a wealth of
commercial support.

With customers as varied as the London Stock
Exchange and Office Depot, SUSE Linux Enterprise
is extremely popular. Features like SUSE Manager,
which provides automation of server management,
and SUSE Cloud, providing OpenStack-powered local
cloud infrastructure, make it easy to see why.

Enterprise users typically need support, which is
- naturally - where SUSE makes its money. As well
as direct commercial support, the company offers
various consultancy services including SUSE Assist.
SUSE Assist, the jewel in SUSE’s support crown,
offers on-site services from a certified professional
for companies that can’t afford to have a specialist on
their staff.

As well as its Desktop and Server variants, SUSE
Linux Enterprise comes with the option of add-on
extensions, including those that make it suitable
for use in point-of-sale environments and
high-availability extensions where required along with
real-time and thin-client variants.

Stability and support do come at cost to flexibility,
however: compared to the community-driven
OpenSUSE, SUSE Linux Enterprise has fewer
packages available by default, removing many
of the packages that aren’t well-suited to a
professional environment.

The final tick in the box for SUSE is its SUSE
Studio platform, which provides a means for users
- Enterprise or otherwise - to customise Linux
distributions and create everything from Live CD
images to VirtualBox images and even Amazon
Elastic Compute Cloud (EC2) instances tailored to

While SUSE is our pick at present, it continually
trades places with Red Hat as the two attempt to
out-do each other; before committing to one, be sure to
check out what the other’s offering too.

■ SUSE is a highly curated
distro, tailored to its needs


Red Hat Enterprise

Like SUSE, Red Hat offers
its Enterprise Linux variar
in server, desktop and
specialist variants, and

offers varying support
:ts and training options,
s software compatibility is


OpenSUSE

fully-open variant of SUSE
Linux. Sponsored by
SUSE, OpenSUSE requires no support
contracts or licensing and often
provides newer features.

Puppet

An open-source
configuration
management
utility designed
to support heterogeneous
networks of Unix-like and
Windows machines, Puppet is
a powerful automation tool for
sysadmins of Enterprise-class
infrastructures.


Chef 

An alternative to
Puppet, the Ruby-
and Erlang-based
Chef integrates
well with commercial cloud
environments including
Amazon’s EC2 and Google’s
Cloud Platform, and works as
a local install for managing
internal infrastructure.


Docker

Docker provides
the ability to
easily and
quickly deploy
applications inside isolated
software containers on Linux.
Compared to a traditional
virtual machine, a Docker
container has significantly
lower overheads.


Lynis 

Designed for those who 
take a proactive approach to 
security - but, it has to be said, 
a handy tool for the black-hat 
crowd as well - Lynis provides 
a means to audit Linux and 
other Unix-like systems 
for security vulnerabilities, 
and can also check for 
configuration errors. 


SUSE Studio 

While SUSE Studio 
is most commonly 
used by the SUSE 
and OpenSUSE 
teams, its ability to customise 
and deploy operating system 
images can be used with any 
Linux distribution and can
make a system administrator’s
job significantly easier.

BEST DISTRO FOR...

Security 


While the mainstream media worries its 
readers over black-hats, security-focused 
distributions are a vital tool for the good guys 

Kali Linux 


For years, Backtrack Linux was
the king of Linux distributions
for those doing security audits
and penetration testing. In 2013,
however, the project was forked into
Kali Linux. Created and maintained by Mati Aharoni
and Devon Kearns of Offensive Security, Kali is
a ground-up rewrite of BackTrack and a worthy
successor to it.

Based on Debian, rather than the Ubuntu origins
of its predecessor, Kali includes pre-installed
copies of the most popular security utilities,
including network sniffer and analyser Wireshark,
port-scanning tool nmap, password cracker
John the Ripper and even the Aircrack-ng suite
for penetration testing of wireless networks. Its
repositories have plenty more choices available, in
addition to more sedate applications and utilities.

■ Kali has everything you need
for full security testing

Where Kali differentiates itself from the 
competition is in compatibility: as well as 32-bit 
and 64-bit x86 hosts, the team behind it have 
worked hard to bring Kali to the more popular 
ARM-based platforms out there. Builds are already 
available for devices as diverse as the Raspberry 
Pi and Samsung Chromebook, with more builds 
arriving on a regular basis. Considering the very 
low cost of some of these devices, Kali’s support 
helps lower the barrier to entry considerably 
over distributions which require more expensive 
hardware to run. 

Perhaps the most impressive compatibility 
feature, however, is a Kali sub-project dubbed 
NetHunter. Currently available exclusively for 
Google’s Nexus Android smartphones and 
tablets, Kali NetHunter provides various wireless 
penetration testing tools usable directly from the 
device - a great tool for discreet testing without 
having to lug an all-too-obvious laptop around.

Combined with options to install to a hard drive
as well as run from memory and an attractive
desktop which lends itself well to everyday use,
Kali is the obvious choice for anyone with an
interest in network security - despite its reputation
as a script-kiddie’s play-thing, it’s actually pretty
tight on the security front.

Lynis

Created by Michael Boelen,
the author of Rootkit Hunter
(rkhunter), Lynis is a fully open
security audit tool. As well
as checking for vulnerabilities,
Lynis has the ability to find
misconfigurations with
reports that can prove to
be extremely useful when
hardening a system.


nmap 

A tool so famous
it ended up with
screen time in The
Matrix Reloaded,
Fyodor Vaskovich’s (real name
Gordon Lyon) nmap should
have a place on every system.
Its rapid network mapping is
incredibly flexible and can be
individually tailored.


OpenVAS 

The Open
Vulnerability
Assessment
System (OpenVAS)
started life as a fork of Nessus
under the name GNessUs.
Now, it’s one of the leading
vulnerability scanning and
management tools - and it’s
entirely free and open-source.


Wireshark 

While Wireshark
- formerly
Ethereal - has
its competitors
in the packet-sniffing arena, 
its friendly user interface and 
powerful analysis and filtering 
tools are second to none. 
Wireshark is useful for general 
network diagnosis as well. 


Metasploit 

This framework
is invaluable
for penetration
testers. When
a scan has revealed a
vulnerability, Metasploit
can attempt to exploit said
vulnerability; proving or
disproving its existence quickly
and easily.

BEST DISTRO FOR...

Privacy 


Stay private and keep your information safe 
with these Linux distros specially built to put 
your mind at ease when working online 

Tails 


Privacy can be extremely important
on the Internet, and it’s only going to
become more of a concern as time
goes on. With more ways to leave
your trace on the Internet, and more
companies wanting your details to sell you ads, it
can be tricky to remain truly anonymous. This can be
essential for some people - whistleblowers, victims
of stalking and people writing unpopular opinions on
Twitter. It can also be handy for just buying a gift for
your other half to avoid the inevitable targeted ads
that an incognito mode won’t stop.

Tails can help you with all of this, and makes it
fairly easy to do in the process. It manages this
through many careful layers of security and privacy
considerations - firstly, the entire system runs
in RAM and does not use any disk-bound swap
partition. The RAM is then completely written over
when Tails is shut down, leaving no trace of what you
were doing or using.

■ Run Tails from a disc or memory
stick to get the best use

■ All traces of user activity are removed as part of
the shutdown process

All of its networking is run through Tor, so your IP is 
masked behind at least a dozen encrypted servers. 
Failing that, the default is the Tor browser, which 
also has the same software, meaning that whatever 
you’re looking for, it won’t get traced back to you. You 
can also use secure chat clients to keep your location 
safe, there’s PGP email support built-in so you can 
send private mail and there’s also just a full suite of 
normal programs like LibreOffice and GIMP, so you 
can use the distro in any other way. 

You can install Tails, but it’s designed to be live 
booted and that will guarantee maximum privacy at 
the same time. Give it a go today to find out just how 
easy it is to remain anonymous.

Tor

In Sneakers, an
intrepid group of
Bay Area hackers
bounce their signal off multiple
servers and satellites to avoid
detection. Tor is essentially
this, sending your requests
through several secure and
encrypted servers.


Tor browser

Firefox and Tor,

easy way to stay completely
anonymous online without the
need for booting into a private
distro. It's so good it's used by
default in Tails to make sure
you stay private.


ClawsMail 

This is a PGP
encryption
for your email
clients, including
Thunderbird, that lets you send
messages in confidence. It
also works on its own, just in
case you want to leave even
less trace of its existence on
your system.


KeePassX 

Manage your
passwords with
KeePassX, the
password manager. It allows
you to store a lot of data in a
highly encrypted database that
can only be accessed via your
password - once it’s accessed,
you can even search it.


Florence Virtual 
Keyboard 

A virtual keyboard
that avoids
any keylogging
programs to
make your computer just that
little more secure. It can also
be used if your keyboard is
missing and broken, and is
extensible and customisable.

BEST DISTRO FOR...

Rolling release 

For those who don’t like to be beholden to 
formal release schedules, rolling-release 
distributions promise to never get out of date 

Gentoo 


Named for the speedy Gentoo
penguin, Gentoo and Arch have long
been rivals. Both offer a true rolling-
release development methodology,
meaning that the latest updates
are brought to the entire user base simultaneously -
ensuring that no installation is ever out of date, and that
installation need only occur once - and both feature a
BSD-inspired ports-like software distribution platform.

For the Linux purist, the hands-off approach of Arch
is likely to appeal, but for the average user Gentoo is 
a gentler introduction to the world of rolling releases. 
First released back in 2002, the distribution has a 
considerable fan base who appreciate the team’s still- 
rare approach to development and software releases. 

The other main advantage to running Gentoo is that
its software is compiled from source directly on the
user’s system via the Portage manager. This means no
waiting for package maintainers to build and upload
a package for your platform, and that the software
which gets installed can be optimised for your specific
processor architecture - enabling performance boosts
where generic compilation would drain power from the
system. The trade-off, of course, is that compiling from
source typically takes longer than simply installing
pre-compiled binaries from a package archive.

■ Installation is slower but gives
you better-optimised apps

■ Support forums and an IRC channel are linked
right from the desktop


Sabayon

A Gentoo variant,
Sabayon retains the
rolling-release ethos but
is a lot more welcoming.
Designed to work out-the-box,
Sabayon loses a little in flexibility
compared to its upstream parent but
is still a powerful distribution.


environment and rolling-
release development
Taking Debian's unstable

Like Arch, Gentoo’s installation process has been 
tricky - although plenty of community help is available 
in documentation, IRC channels and mailing lists - but 
the relatively recent release of a Live USB variant makes 
it far easier to try. While its popularity has waned in 
recent years, Gentoo remains a great choice for anyone 
who wants a highly customisable system, and while it 
can be tricky to install it’s a process that - in theory - 
should only ever have to happen once. 



source answer


the GNU Image
Manipulation Program has
recently introduced a
single-window mode to combat
criticisms of its unfriendly
user interface, bringing its power to

Audacity 

Supporting
multi-track mixing
and with more
filters and utilities
than you could imagine using, 
Audacity helps prove that Linux 
is no slouch when it comes to 
creative work and that it can 


Firefox 

Although under
fire for perceived
bloat - ironic,
considering the
project was founded to deal 
with perceived bloat in the 
Netscape browser - the 
Firefox browser, now on 
version 34, remains a popular 
choice among users. 


LibreOffice 

Created following
Sun Microsystems’
acquisition of
OpenOffice.org,
The Document Foundation’s
LibreOffice is now the default
in many distributions, offering
features and compatibility
to please even the biggest
Microsoft Office fan.


VLC 


The strength of

flexibility. As well
as the ability to 
play almost any audio or video 
format, it supports streaming 
over the network and the 
ability to record from various 
sources - including capturing a 
live view of your desktop.

Live distro


The best live Linux distros you can boot up 
from portable media without installation 


Knoppix 

Knoppix is still one of the premier 
live distros, although competition 
has become fierce with other distros 
popping up that add something 
different to the mix. Knoppix has 
remained popular thanks to some core design choices, 
while updating in other areas to keep with the times.

Knoppix positions itself as a showcase of everything 
that open source has to offer, and depending on what 
version of the distro you get, this can translate to having 
access to just about every known FOSS available 
on Linux without the need to install them - it has 
everything and the kitchen sink. 


For having quite a lot of software, Knoppix boots and 
runs fairly fast. This is due to the way all the software is 
compressed and decompressed ‘on the fly', allowing for 
2 GB of the usual DVD to contain up to 9 GB of software 
that can be used at any time. Knoppix also has several 
custom boot options on a cheat sheet that will let you 
boot with different sound or display options, and even 
boot into the special ADRIANE interface for those who 
are visually impaired. Knoppix can be very handy to have 
installed onto a DVD or USB storage if you’re regularly 
needing to quickly boot into Linux for some reason on 
various computers. It’s not the best for sysadmin work, 
but it can do many other Linux-only computing tasks.






Puppy Linux

A very special and tiny distribution that, while very light for normal computers, is best suited for giving ancient PCs some usefulness. It's based on Ubuntu usually, with a quite custom kernel and a different set of packages.

WebConverger

[...] web kiosk for something like an Internet cafe, running a modified version of Firefox.

Porteus 

A very fast live distro that takes up only
300 MB of space, and is optimised 
to run from live media. You can add 
modules for extra software if needed. 




Clonezilla 

The best way to clone your hard drive, Clonezilla supports full hard drives as well as partitions and can then be used to restore disk images in


GParted 

Format, edit, resize and 
basically do anything 
you want with your hard 
drive and partitions using 
GParted. It’s included on most live CDs 
because it’s excellent at doing this task 
and is also easy to use. 




Wicd 

An excellent and easy to use networking utility that can be used for both wireless and wired. It makes connecting to and managing networks easy; in the past we’ve had it win our network manager group test.


TestDisk 

If your backups have 
failed or something else 
has gone horribly wrong, 
TestDisk can recover your
data from a hard drive. It supports all
major file system types and works from
the terminal. 
UP YOUR COMPUTING WITH AN UPGRADED OR BRAND NEW SERVER THAT YOU CAN BUILD YOURSELF


While big business and big data may
be utilising mainframes more of 
late, the concept of servers is not 
going away any time soon. Servers 
are an integral part of any system, however 
large your IT infrastructure is. Whether it’s inside 
the data centre or tucked away in your (well-ventilated!)
cupboard at home, there are still a
lot of uses for servers in 2015 and 2016. 

For the office you may want to save a bit of 
money and create something perfect for your 
needs that you know exactly how to maintain. 
For home you may just want to enhance your 
setup and make the entire network more 
efficient. For both it’s a great way to separate 


certain aspects of your network to control it in a 
more efficient way. 

There are many components of a server that 
you need to keep in mind, but it boils down to 
an appropriate hardware selection and a good 
distro for the task at hand. In this tutorial, we 
are going to concentrate on file and web servers,
two base server systems that can be expanded 
and modified in multiple ways to best fit the 
situation you are in. 

As we’re teaching you how to build a better 
web server, we will first take a quick detour 
to tell you what you should know if you want 
to upgrade your current server so that it can 
compete with the new tech. 
If you have a server, an upgrade
may be all it needs to run better

You may already have a server, in which case instead of actually building 
a better server from scratch, you may want to just upgrade your server 
to be more efficient than it was before. There are several ways of doing
this depending on how you want to improve your server, and most of them 
require a hardware upgrade. If you decide to go down the hardware upgrade 
route, refer overleaf to see the kind of hardware that we recommend and 
learn some quick tips on how to install it if you’re new to system building.

The easiest upgrade is storage space, especially for file servers. For Linux 
systems you can quite simply just add an extra hard drive into the case, as long
as you have room in terms of spare SATA cables and power. Once installed, 
reboot your system and you can start adding the hard drive under /etc/fstab 
so that it automatically mounts to a specific location - in this case, the location 
on the filesystem which needs a bit more storage. Otherwise, you can create 
a clone of the system using Clonezilla (clonezilla.org) and then restore it to a 
larger hard drive with almost no change in the way it works. 


For other system hardware, you need to ask yourself which section is 
slow and perhaps needs upgrading. If it’s a little slow for certain operations 
and computational tasks, your first port of call should be upgrading the 
CPU. Depending on how forward-thinking you were when building or buying 
the original system, the motherboard may support newer processors than 
the one inside it. Find out the socket information and start a search for a 
new CPU. While you’ll need enough RAM to support the CPU and whatever 
the server is being used for, you’ll always need more for one handling web 
services than file serving. You can easily replace these kinds of parts without
having to reinstall Linux. 

If you’re doing heavy computational tasks and can use hardware 
acceleration for it, look at getting a new video card to support it - although 
not many servers will even require one, let alone a good one. 

If you’ve reached the limit of your current motherboard, it’s time to gut the 
system and get a new mobo, CPU, RAM and GPU if you need it - backing up 
important files and settings is a good idea before you attempt this as Linux 
may not be able to work with completely new hardware without a reinstall. 

Otherwise, if you need a software upgrade then refer to whatever guide is 
relevant to you in this feature on how to install and set up a new distro.
CHOOSING HARDWARE

What kind of hardware will you require to build a better server? 


The hardware in a server is a very important 
consideration for building your system. Servers 
handle different requests to a normal desktop 
machine, often handling several people’s requests 
at once. This means that the resource priorities have 
changed and these can even be different between 
various types of servers. 

Software counts as well, of course, but without 
a decent hardware base, it will be tricky to have 
the server work as intended. Scalability and 
peak loads need to be considered as a future-proofing
method, so always try and make
sure that you have a bit more power than you 
need. With all that said, let’s start looking at 
the individual components. 

There are six main components you need to put 
thought into, and the four most important ones are 
the motherboard, the processor, RAM and power 
supply - the core components on any computer. As 
we mentioned, you need to think differently about 
what you need components-wise because resource 
usage is different. 

A minor concern for some will be a graphics 
card of some kind, whether it’s so you can directly 
interface with the system or do computational work 
that benefits from multiple different cores instead. 
You’ll need a good storage solution for your build.

Motherboard 

Motherboards for servers come in various styles. A 
lot of server boards will have two ports to connect 
a CPU to, which is good for servers used for small 
businesses or if you expect to get a lot of requests 
on a regular basis. These are more expensive than 
single-CPU systems, but the benefits in the long run 
for a big office server are more than worth it. 

For home use, a single slot for a processor will do you fine for most cases, the main exception being a web server where you plan to have a lot of regular connections made to it. In this case, you want to keep an eye out for motherboards with plenty of storage and connection slots to make it as flexible and scalable as possible.

Above You won’t need a GPU if your mobo has onboard graphics and you don’t need multi-core processing

CPU 

The most important thing for a server CPU is the 
number of cores - that’s why dual-slots can be 
quite useful. More cores allows for more threads, 
essential if you plan to run VMs off a file server or 
several sites at the same time. Clock speed is not as 
important, but you should at least get one that is not 
ridiculously slow and comes with a decent cache. 

With Intel’s Hyper Threading, each core can work 
harder by creating multiple threads in each core. 
Conversely, AMD processors will offer more cores 
for a lower price, especially if you’re on a budget. 

RAM 

A larger amount of RAM is more important on 
servers than it is on a desktop PC, enabling you to 
run more operations at once. Speed and latency 
is not so important, so gaming RAM with tweaked 
timings will not grant you a better system - in fact, 


it may be slightly worse since they don’t have ECC. 
ECC fixes single-byte errors that make up the most 
common forms of data corruption in the RAM. 

While ECC RAM can be important, it’s more 
important in web servers and generally much more 
necessary in business and enterprise servers. On 
every level though, a larger amount of RAM is good.

PSU 

While it is best practice to never skimp on 
a power supply, it is near essential when it 
comes to server power. While you may need 
1,000+ watts for your ridiculous 4K gaming rig 
(electricity bills be damned), you can be a little 
more reserved in the peak power for a home 
server, depending on its intended use. Look 
for power supplies with an ‘80 Plus’ rating, as 
these ones have been through some level of 
certification to ensure that they have a degree 
of efficiency - this is a good idea for servers that 
are on all the time as they will save on electricity 
bills in the long run. Titanium and Platinum are 
the highest ratings, meaning they’re at least 
90 per cent efficient (95 per cent efficient for 
server power supplies). 



When we talk about slots and connections for a motherboard, 
we’re talking about PCI slots and plenty of SATA drive slots. You 
can add more SATA slots via a card, but you’ll need to take into 
account anything else you’d want to add a card for. You need 
to make sure the motherboard’s chipset matches up with the 
kind of CPU you want as well, and the CPU will also dictate the 
type of RAM you get. It’s a multi-layered balancing act that 
may result in a sea of tabs while you compare and contrast 


Networking cards can be essential if your 
server is also acting like a more traditional 
network server, handling all your network 
data and even being used as a modem and 
firewall. There are plenty of different PCI 
cards for these kinds of tasks, including this
fibre card for a bit more serious Internet use 
You don’t need RAM with heatsinks for server PCs, really - it’s usually reserved for gaming RAM with tweaked timings. If you are concerned with the heat of your system and have a little budget to spend, get RAM with some kind of heat dissipater
BUILD A FILE SERVER




Store and serve files around your network or further 




File servers are very useful for both home and 
business environments. For home, it’s a good way to 
have a more low-power, dedicated solution to storing 
your media and backing up your systems, without 
needing to specifically turn on your desktop machine 
to get the files - a desktop machine that may use 
more power idling than a dedicated file server. 

For enterprise, it can not only be useful for 
backups, but also provides for off-machine 
networked storage for individual users that can be 
accessed from within and outside the network. So, 
let’s set a server up. 

For a simple server type such as this, we’re 
going to go ahead and use Ubuntu Server to 
set up the system. This means that if you have 
any experience with Linux, it should be easy 
to maintain and install more software on if 
you need to. 

If you’re doing the initial setup for a home server 
then installing it with a monitor attached will be 
much easier. Burn the ISO to an installable medium 
or boot it over the network if you have the facilities 
set up, then hit return on ‘Install Ubuntu Server’ to 
continue. 

Installation 

The installation for the server edition is different 
from the usual graphical installer of Ubuntu - it’s a 
command line one, albeit with fairly straightforward 
options. After setting up your location, language 
and keyboard settings, it will try and detect your 
hardware for you. Give your server a name, set up your username and password, and then continue with the installation as directed.

Above You’ll need to configure Samba in order to get shared folders working

Like the graphical Ubuntu, the server edition 
comes with options to automatically set up the 
partitions - by default, using the whole disc will 
create an install partition and a swap. If you want it 
to use a specific set of partitions, we recommend 
that you sort them out with GParted before trying 
to install them, and then assigning the partitions 
manually yourself. 

During the installation process you will get some 
extra questions about whether you need a proxy or 
not; set that up as you wish and then it will ask about
other services to install. As we’re using this as a file 
server, make sure OpenSSH is installed so you can 
dial in from another machine on the network and 
ensure that a Samba server is installed, to make 
sharing files and such over the network easier and 
compatible with any Windows machines. 

Finally, it will prompt you to install GRUB. 
Assuming this is a dedicated file server, you can 
let it overwrite the master boot record. Once 
that's done you will restart the system, so make 
sure you remove the live boot medium. After it 
loads up, you will be dumped into the command 
line to log in - as this is a server distro, there is 
no desktop environment. 

First steps 

Now you’re into Ubuntu, we’ll first get set up to SSH into the machine. For something like a home server it’s best to set a static IP, and we can do that in /etc/network/interfaces. Open it up with:

    $ sudo nano /etc/network/interfaces

... and change the primary network interface to be something like:

    auto eth0
    iface eth0 inet static
        address [Desired IP]
        netmask 255.255.255.0
        gateway [Router address]

If you are using a wireless connection, make sure you 
switch it to wlan0 and then add in details for the SSID
and password. 

With the IP you’ve set, or using ifconfig to find out 
what the IP has been automatically set as, you can 
now SSH into your machine using the username and 
password that you set up. From a machine on the 
same network, type: 

    $ ssh [username]@[IP address of server]

Entering the password will grant you access to the 
same command line interface. 

Shared folders 

Now we can create a shared folder that the rest of 
the network can see and modify. First, let’s create 
the folder that we want to use and put it in the 
normal home directory, with a usual: 

    $ mkdir ~/networkshare
It’s best if you don’t use any spaces, to make the sharing simpler. Once done, you’ll need to create a password for Samba. Do this by entering:

    $ sudo smbpasswd -a [username]

It will ask you to enter and then confirm the password. Once that’s done, and with the folder created, we can add it to the Samba server. Access the config file using:

    $ sudo nano /etc/samba/smb.conf

Above left For a flexible, scalable server, consider trying MAAS: maas.

Above right Ubuntu Server makes it easy to grab the software you need during installation


Go to the very end of the file and add something like 
the following to get the shared folder recognised by 
Samba: 

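    [NetworkShare]
    # the folder created above; replace [username] with your login name
    path = /home/[username]/networkshare
    available = yes
    # the account that was given a Samba password with smbpasswd
    valid users = [username]
    read only = no
    browseable = yes
    # "public" is Samba's synonym for "guest ok"
    public = yes
    writable = yes

Save the file and exit, then restart Samba:

    $ sudo service smbd restart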


And finish by testing the setup with testparm to 
ensure everything runs okay. 
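
The share section above sets both 'public' and 'writable', which Samba treats as a synonym for 'guest ok' and an inverted synonym for 'read only'. The added example below (not part of the original article) resolves those names for one share so you can see what the section switches on. The function names, the account name alice, both sample files and the tightened variant are constructed here, and [global] settings are assumed to be at their defaults.

```shell
#!/bin/sh
# Added example (not from the original article): show what a share section in
# smb.conf switches on once Samba's parameter synonyms are resolved.

# Prints "guest_ok=... read_only=... valid_users=..." for share $2 in file $1.
# Assumptions: [global] overrides and "include" lines are ignored; when an
# option is absent the smb.conf(5) defaults apply (guest ok = no, read only = yes).
smb_share_effective() {
    awk -v want="$2" '
        function key(s)   { gsub(/[ \t]/, "", s); return tolower(s) }  # names ignore case and spaces
        function isyes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
        BEGIN { guest = 0; ro = 1; users = "(any)" }
        /^[ \t]*[#;]/ { next }                        # comment lines
        /^[ \t]*\[/ {                                 # section header
            name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            insec = (tolower(name) == tolower(want)); if (insec) found = 1
            next
        }
        insec && index($0, "=") {
            k = key(substr($0, 1, index($0, "=") - 1))
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            if (k == "guestok" || k == "public") guest = isyes(v)
            else if (k == "readonly") ro = isyes(v)
            else if (k == "writable" || k == "writeable" || k == "writeok") ro = !isyes(v)
            else if (k == "validusers") users = v
        }
        END {
            if (!found) { print "share not found"; exit 1 }
            printf "guest_ok=%s read_only=%s valid_users=%s\n", (guest ? "yes" : "no"), (ro ? "yes" : "no"), users
        }
    ' "$1"
}

# Print the effective settings and flag the combination worth a second look.
# Returns 0 if nothing is flagged, 1 if flagged, 2 if the share is missing.
smb_share_review() {
    _eff=$(smb_share_effective "$1" "$2") || { echo "$_eff"; return 2; }
    echo "$_eff"
    case $_eff in
        *guest_ok=yes*read_only=no*)
            echo 'review: guest access is switched on for a writable share'
            return 1 ;;
    esac
    return 0
}

# Constructed sample files: the article's share with a made-up account name,
# and a tightened variant (an added suggestion) that drops guest access.
write_smb_samples() {
    cat > "$1/article.conf" <<'EOF'
[NetworkShare]
path = /home/alice/networkshare
available = yes
valid users = alice
read only = no
browseable = yes
public = yes
writable = yes
EOF
    cat > "$1/tightened.conf" <<'EOF'
[NetworkShare]
path = /home/alice/networkshare
valid users = alice
read only = no
browseable = yes
guest ok = no
EOF
}

demo() {
    _dir=$(mktemp -d) && write_smb_samples "$_dir"
    for _f in article tightened; do
        echo "== $_f.conf"
        smb_share_review "$_dir/$_f.conf" NetworkShare || true
    done
    rm -rf "$_dir"
}
demo
```

On a real server, point smb_share_review at /etc/samba/smb.conf after testparm reports no errors.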


VPN 

Dialling in externally from a remote location to VPN into your server can have 
added benefits. Accessing your files remotely is one thing, but also being able
to use a more unrestricted Internet service (yours) can be handy if you’re stuck 
in a hotel or other location with strict browsing regulations. 

Setting it up is not too difficult and requires the server to be connected to 
the Internet wherever it stays. The more users you allow to VPN from it, the 
more resources you’ll require (including RAM and processing power). 



Torrent server 


With all the storage and possibly a connection to the Internet, you can set up
the file server to also be a torrent server. This will enable you to give back to
the community by seeding the latest distro torrents, as well as making sure
you have the latest version of certain distros for you to install and test with.

Just adding a torrent service will let you do this, and a good one for
command lines is rTorrent. Not only can you view a useful command line
interface with it, but you can also set a folder that it reads for new torrents. 
Host your web services on a dedicated server that you control


Your own web server can be a useful addition to 
any system. If you don’t have massive loads to worry 
about you can install it to your own custom-built 
server, or if you have a lot of scalable server space 
then you can build it on there with a very similar 
software setup. 

We are going to use Ubuntu Server again for this, so
follow our advice on the previous pages on how to get
it set up and get to a point where we can start adding
Apache services. Feasibly, you could have the server
be both a file and web server in this way.


Install Apache

Once you’ve got your server set up and can
SSH in, it’s time to install the Apache Webserver. Do
that using the following:

    $ sudo apt-get install apache2


It will automatically set the domain address to the 
following: 127.0.0.1 



Above Give your web server a test once you’ve installed Apache 


Test server

If you have to install a GUI onto your server,
you can test out that Apache is working by going to
a browser in it and navigating to 127.0.0.1. Otherwise,
from an external system, navigate to the IP address 
of your system in your browser and it should show 
the Apache confirmation page on-screen. 



Install FTP

With a web server you can now use it to
host a website or to access storage from the server
remotely over the Internet. We can set up the latter
using FTP, or in our case the secure VSFTP. Install it
to the system using:

    $ sudo apt-get install vsftpd





Configure FTP

We can access the configuration file for
FTP by using nano to open /etc/vsftpd.conf (sudo 
nano /etc/vsftpd.conf). From here we can configure 
it to match our uses, but first it is necessary that 
we increase the security just slightly before using it 
properly as an FTP server, just to be on the safe side. 


Secure your FTP

The main change to make the FTP secure
is to turn off anonymous users. In the config file, 
look for the line with ‘anonymous_enable’. We want 
to change this to NO if it’s not already there, just to 
make sure that there is a bit more security for the 
FTP server and that all of your content is kept private. 
Local use

While it will be great to access these files
externally, we might as well have it so you can access
the FTP internally too, just in case you prefer that to a
shared folder. Find the line ‘local_enable’ and change
it to YES to make sure it’s accessible elsewhere.

Edit files

As we are only letting people we want onto
the server, we can make it so anyone logged in has
write access. To do this, go back into the config file,
look for the line with ‘write_enable’ and change
it to YES. You may also need to uncomment it by
removing the hash.

FTP Folder

If you didn’t create a shared folder for the
previous server tutorial, now is a good time to create
a dedicated directory for this. In the home folder, use
mkdir to create a directory called whatever you wish
for the FTP server to be able to access it.



Restart server

Once the config file has been fully edited
and the folder is created, it is now time to start 
using it. Restart the FTP server using sudo service 
vsftpd restart and you will start to be able to 
access the folder. Any changes that you make to 
the configuration will require this restart to become 
active. 
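
One way to confirm that the edits from the FTP steps above actually took effect, as an added example that is not part of the original article: the functions below read a vsftpd.conf and report the effective anonymous_enable, local_enable and write_enable values, falling back to the defaults documented in vsftpd.conf(5) when a line is missing or still commented out. The ssl_enable note goes beyond the article, and the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): check that a vsftpd.conf
# really ends up with the settings chosen in the FTP steps.

# Print the effective YES/NO value of boolean option $2 in file $1.
# vsftpd reads "name=value" lines with no spaces around "=", ignores lines
# starting with "#", and a later line overrides an earlier one. If the option
# is absent or commented out, the built-in default ($3) applies.
vsftpd_get() {
    _raw=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr '[:lower:]' '[:upper:]')
    case ${_raw:-$3} in
        YES|TRUE|1) echo YES ;;
        NO|FALSE|0) echo NO ;;
        *)          echo INVALID ;;
    esac
}

# Compare one option with the wanted value.
# Arguments: file option default wanted reason. Returns 1 on a mismatch.
vsftpd_check() {
    _got=$(vsftpd_get "$1" "$2" "$3")
    if [ "$_got" = "$4" ]; then
        printf 'ok    %s=%s\n' "$2" "$_got"
    else
        printf 'FAIL  %s=%s, want %s (%s)\n' "$2" "$_got" "$4" "$5"
        return 1
    fi
}

# Audit the three settings from the article. Prints a report and returns the
# number of FAIL lines as the exit status (0 means the file matches).
vsftpd_audit() {
    _fails=0
    vsftpd_check "$1" anonymous_enable YES NO  'anonymous logins allowed'      || _fails=$((_fails + 1))
    vsftpd_check "$1" local_enable     NO  YES 'local accounts cannot log in'  || _fails=$((_fails + 1))
    vsftpd_check "$1" write_enable     NO  YES 'uploads and edits are refused' || _fails=$((_fails + 1))
    # Not in the article: without TLS the account password crosses the
    # network unencrypted on every login. Reported as a note, not a FAIL.
    [ "$(vsftpd_get "$1" ssl_enable NO)" = YES ] || echo 'note  ssl_enable=NO: logins are sent unencrypted'
    return "$_fails"
}

# Constructed sample configs (not taken from a real server).
write_vsftpd_samples() {
    cat > "$1/before.conf" <<'EOF'
# constructed sample: anonymous access left on, write_enable still commented out
listen=YES
anonymous_enable=YES
local_enable=YES
#write_enable=YES
EOF
    cat > "$1/after.conf" <<'EOF'
# constructed sample: settings as chosen in the article; the second
# anonymous_enable line was appended later and is the one that counts
listen=YES
anonymous_enable=YES
anonymous_enable=NO
local_enable=yes
write_enable=YES
EOF
}

demo() {
    _dir=$(mktemp -d) && write_vsftpd_samples "$_dir"
    for _f in before after; do
        echo "== $_f.conf"
        vsftpd_audit "$_dir/$_f.conf" || echo "   -> $? setting(s) to fix"
    done
    rm -rf "$_dir"
}
demo
```

Run vsftpd_audit against /etc/vsftpd.conf before restarting the service; a commented-out write_enable line shows up as FAIL because the default is NO.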


EXPAND YOUR
WEB SERVER


Tailor your web server to suit 
all of your individual needs 



Mail server 


Part of the benefits of this being a web server is that it enables you to also add
your own mail server to it, or even host your own webmail client as well. Having
Apache configured is the first step to this, and it is quite straightforward to
then set up a mail server on top of that.
As for a webmail client, we recommend using RainLoop, which looks nice
and modern and also lets you add other webmail services to it, along with your 


Nginx server


Instead of using Apache for the server, you can also look into and try out Nginx.
Nginx handles processes slightly differently than Apache and can result in a 
lighter load on your web server. It’s available in the repos of most distros, much 
like Apache is, so it can be installed in mostly the same way. 

For a more complete guide to setting up an Nginx server, you can always 
refer back to one of our tutorials from Mihalis - it's inside issue 144, if you have
it to hand, and on our website: bit.ly/1AYKkx8. 
Tips & Tricks

Improve the way you work

Touch up your photos using GIMP
Make professional enhancements to photos with an open-source editor

Learn to code BASIC with FUZE
Learn the Pi-powered program

Encrypt your email with Thunderbird and PGP
Secure your emails with Linux

Simplify HR management with OrangeHRM
Maintain efficiency in the workplace

Use the Web from the terminal
Save time when searching the web by using the command line

Real-time log monitoring with Swatch
Get notified from predefined log events by getting Swatch to monitor certain keywords

Turn an old PC into a NAS box
Repurpose your old hardware

Get key insights from business data with SpagoBI
Make the right decisions in business with these intelligence tools

Back up to the cloud
Automatically back up your files or even your entire system

Visualise your data with Datawrapper
Get your point across quickly

Build a Linux HTPC
Set up a powerful home theatre

Manipulate data in R
Use R to easily and effectively manipulate various kinds of data

Host your own media gallery with MediaGoblin
Share media files with your friends


Fix common photography 
issues such as red eye using 
in-built tools from GIMP 


Learn howto remove minor blemishes 
and unessential items such as necklaces 
to improve overall picture quality 


Smooth out and highlight skin using 
colour control and sharpness to 
make a photo more lifelike 



Touch up photos 
using GIMP 


Advisor 

Rob Zwetsloot models 

complex systems and is a web 
developer proficient in Python, 
Django and PHP. He loves to 
experiment with computing 



Resources 

GIMP 

gimp.org/downloads 


Learn how to make professional photo 
enhancements with open source software 


Hobby photography has never been 
more popular, largely thanks to the 
availability of high fidelity DSLR cameras 
and decent point-and-shoots, not to 
mention smartphones. Finally taking over from 
film cameras over the last five years, high quality 
digital photos are much easier to get off a camera 
than developing photos ever was. 

With digital photos also comes digital photo 
manipulation software, such as GIMP, which 
enables you to quickly perform professionally 


styled touch-ups and enhancements to photos 
in order to either really bring out the tones and 
lighting, fix any red-eye, control the colour 
temperature and more. 

While Photoshop may be an extremely 
popular tool for photo editing, GIMP is definitely 
no slouch in that department. Having just about 
every feature you could get in Photoshop, with 
a few even being a bit better, it’s most certainly 
enough for creating a great look with any of 
your photos. 
Vary highlights and shadows

Photos will have a range of colours
at different levels, from the lighter highlights 
to the darker shadows. You can see a histogram 
and numbers for these settings by going to 
Colors>Levels on a 255 point scale; 0 is the darkest 
and 255 is the lightest. 


Install GIMP

GIMP is included on many Linux distros by
default, so searching the Graphics category in the 
menus is your first step to finding it. Otherwise, it can 
be installed in your software manager just by looking 
for GIMP. If all else fails, head to gimp.org/downloads 
to get the installation files. 

Work with RAW photos 

Some DSLRs will allow you to work straight
from the JPEGs, but others will also give you RAWs
which can let you play around with the light levels and
other fine camera aspects. GIMP can’t edit these,
so you may also need software such as UFRaw to
properly import them.

Crop the image

Not essential for every image, but if you
weren’t shooting with a rule-of-thirds approach, you 
can always see if the image would look a bit better 
with one applied. Click on the rectangle select tool 
and set the Guides to Rule of Thirds.


Use the rule of thirds 

The rule of thirds is used to position an image
in such a way that certain aspects of a photo take up 
a third of the composition. This helps to make your 
photos look more dynamic and draws the eye to 
particular features. Play around to see what you want 
to highlight. 

Remove red eyes 

A common problem you may face
with improper flash is red-eye. Luckily GIMP has 
a tool just for that. Use the Rectangle tool to 
select one eye at a time and then find the Red 
Eye tool in the enhanced sub-menu of Filters on the 
toolbar. 

Control red-eye levels

Tweak the slider on the levels to remove as
much red eye as possible without changing the whole
picture. You can refocus the selection to be larger or
smaller to try and get a better result. It can sometimes
help to do both eyes at once.



Adjust the overall range

Here you can see that the histogram
doesn’t cover the entire graph. A quick fix, and one 
that will instantly increase image quality, is to drag 
the shadow slider up until the beginning of the 
histogram. In this case it made the photo slightly 
darker but easier to pick out some detail. 
Add Auto-Levels

There is an Auto-Levels tool that will
automatically do any basic corrections on the photo
for you. For some people and photos, this may be all
you need to do to enhance your photo. Sometimes
though, you might want to do a little more level
editing to ensure maximum quality.



Alter the colour range

Back on the levels editor, find the channel
selector. Here you can find the individual RGB 
levels. Editing these individually can create a 
slightly better tone profile across the picture. 
You can also edit the Blue or Red levels to 
make the image colder or warmer, or correct the 
white balance. 


“Use the Eraser tool to remove the 
red areas from the skin” 


Set up the image

Grab the Healing tool and [...] picture. Select a patch of skin next or very [...] blemish - change the brush size if need be, depending on the size of the photo and blemish. Hold Ctrl before clicking. This selection will move with your painting to vary the healing tool’s colours.

Correct skin blemishes

There’s a big debate going on right [...] the beauty industry’s use of airbrushing to make models look perfect. We're not really equipped to debate that in Linux User & Developer, but we feel it’s fine to have a look at covering the odd skin blemish if you need to.


Use the healing tool

With skin blemishes like red patches, moles and freckles, you can easily [...] them using the Healing tool. This takes one [...] of a photo and uses it to create a natural gradient. It’s the plaster symbol on the tools.

Heal blemishes

Paint over the blemish as you normally would [...] any other colour using the paintbrush tool. You may need to reset the initial point of copy at points to avoid using the background or another part of the picture to [...] up the target [...]
Clean up the photo

The Heal tool can do a lot more than just
remove a mole. In this example we’ve removed the 
necklace from our model’s neck. On a larger scale it 
can be used to clean up the background of a photo a 
bit more naturally than cutting out or guessing colour 
profiles. It’s not a perfect tool as it can only estimate, 
but it’s still very smart and gets better all the time. 

Enhance the details

The Unsharp Mask works very well on
photos with small details or where the makeup is 
key. Go to Filters>Enhance to select the tool, which 
will automatically bring out some of the details in 
the photo. Use small values and experiment; it only 


Use the Quick Mask 

So we’ve removed some basic blemishes, but 
you can also smooth out the skin a little using the 
Quick Mask tool. Go to Select and then Toggle Quick 
Mask to cover the image in a layer of red. Don't panic, 
we’ll be removing the red hue once we are done.






Grab Gaussian Blur

The final step to smooth out the skin is to
use the Selective Gaussian Blur in Filters>Blur. Play 
about with the levels again but try and keep them 
small. Go too far and you can make the skin slightly 
resemble plastic. 
Do some preparation

Use the Eraser tool to remove the red areas from the skin, avoiding the hair, eyes and mouth. After that’s done you can turn off the mask and it will create a selection of what you deleted, without the Joker-esque look that occurred when the mask was on.

Beautiful photos

With a bit of practice and [...] uses of these tools and some others, you can really make any picture look much better than the original, without overdoing it and giving the model a completely different appearance.
Learn to code
BASIC with FUZE

Discover the language that started it all with FUZE, the 
Pi-powered programming and electronics platform 



Advisor

Rob Zwetsloot models complex systems and is a web
developer proficient in Python, Django and PHP. He loves to
experiment with computing

Resources

FUZE BASIC kit fuze.co.uk


A lot of the great British coders from 
Generation X are usually considered to 
have got their start thanks to the BBC 
Micro and the BBC Computer Literacy 
Project in the Eighties. 

At the time, the cheap hardware was 
affordable for schools and allowed kids to code 
in ‘Beginner’s All-purpose Symbolic Instruction 
Code’, or BASIC. This simple language opened 
up programming to kids of all ages in schools 
and created a British computing boom. Times 
have slightly changed and after a bit of a
struggle, computing is back in British schools.
While they won’t be learning BASIC
anymore, the language still exists and is an
excellent way to teach programming. The FUZE line
of hardware aims to bring that back with special
Raspberry Pi-powered machines.

Not only can you code in the BASIC language but
you can also work on creating physical projects
using an excellent custom IO board attached to the
FUZE device.

We’ll show you how to use BASIC for programming 
and how to create a traffic light system.

01

a Raspberry Pi built into it, so all you need to do
is hook it up to a monitor and power source to
get it going. Make sure the SD card is placed into
... you plug in using the supplied

“FUZE will boot into a desktop of a
modified Raspbian. Here you can do
your normal Pi activities”


BASIC interpreter

The FUZE will boot into a desktop
of a modified Raspbian. Here you can do 
your normal Raspberry Pi-related activities, 
but what we’re interested in is the FUZE 
BASIC option on the desktop that takes us to the 
BASIC interpreter. 


Say hello

Our first foray into a programming
language needs to be done right with a proper
“Hello World” statement. It’s very simple to do in
BASIC and just requires you to write:

    >PRINT "Hello World"

Look around you

While this version of BASIC has been
updated since the BBC Micro days, you can still
perform some of its more simple tasks and the
infamous GOTO 10 command. You can do this by
executing commands like this:

    >10 PRINT "Hello World"
    >20 GOTO 10

The modern way

Press Esc to end the loop. BASIC has seen
some improvements in this version, so we can
create this endless loop of Hello World by using a
better loop statement in the code editor. To access
the editor, press F2.

Modern loop code

The code for this is quite simple: we
a CYCLE, place the command within
it and then tell the code to return to the
beginning of the cycle with REPEAT at the
end. In our case:

    CYCLE
      PRINT "Hello World"
    REPEAT



Save and run the code 

Once you’ve typed it in, you can press
F3 to bring up the option to save the code. For 
now, just call it helloloop and press Return. 
Once that’s done the code will run, looping 
Hello World over and over. Press Esc twice 
to end the loop.

Make variables

Creating a variable in BASIC is easy and is
like most other languages:


Use PRINT “A” to confirm it’s worked. You can
modify the value by adding a number or other
predefined variables like so:

    A = A + 5
    A = A + B

Something more complicated

Automatically increasing the value of
a variable is easy. Let’s create a fixed loop that
prints out A as it increases from 1 to 5:

    REM Start from zero so the loop prints 1 to 5
    A = 0
    FOR p = 1 TO 5 CYCLE
      A = A + 1
      PRINT A
    REPEAT
    END


Wire up a project

The IO board offers a lot of extra
functionality that’s perfect for learning physical
programming. While you can connect directly to
the Pi’s GPIO ports via the header, you can also use
the custom ports. The tray at the top of the FUZE is
perfect to slot the breadboard into, so do that now.

Wire up a light

Choose one of the LEDs from the
pack of electronics - any colour is fine - and
then insert the short end into one of the two
pins along the top and insert the long end
into the middle section. Grab a 100Ω
resistor (brown black brown gold) and
insert one end into one of the pins that
are on the same vertical row as the long
end of the LED.

Connect the light

Place the other end of the resistor
on a pin in a different vertical column
and then use a jumper wire to connect GPIO 0 to
this end of the resistor on the vertical. Finally,
attach a wire to GND on supply and put it on the
same row as the short end of the LED.

Easy operation

To activate the light, exit the editor using
Esc and type the following line to let it know to set
GPIO 0 as an output:

    >PinMode (0,1)

To activate it and then deactivate it:

    >DigitalWrite (0,1)
    >DigitalWrite (0,0)

“You can connect directly to the Pi’s
GPIO ports via the header”

Light coding

Now that we’ve
light working,
let’s create a little code that will turn it
off repeatedly:

    CLS
    PinMode (0,1)
    CYCLE
      DigitalWrite (0,1)
      Wait (1)
      DigitalWrite (0,0)
      Wait (1)
    REPEAT
    END

Bigger project

Let’s ramp up the lighting setup on the
breadboard and make it into a traffic crossing
setup. Add two extra lights in the same way
we added the original LED and attach them
to GPIO pins 2 and 3. Wire up a button by
attaching one end to pin 7 and the other end
to a new 3.3V rail taken from the second set of
power pins. The button will make the lights go
‘red’ in sequence, then after a pause go back
to ‘green’ - see Fig. 01 for the full code.


CLS

The CLS command clears the current
display. This is helpful to make sure any
errors or printouts from your code will show
up without possibly blending in with outputs
from previous programs or runs.

Use PinMode

The numbers passed to PinMode
set the GPIO port (X) as well as whether it’s an
output (1) or input (0). It is therefore constructed
like so for GPIO X as an output:

    PinMode (X,1)

DigitalWrite is constructed similarly for output
pins, with 1 being on and 0 being off.

IF THEN

When you create an IF statement you need
to make sure THEN is appended to let BASIC know
that the following code is for a True situation.

digitalRead

As pin 7 in this code is set as an input,
we want to read when it’s activated. Our button
completes the circuit when pressed so the read
needs to be 1.

ENDIF

Let the code know when the IF statement
ends by adding ENDIF. This can make it slightly
easier and clearer for figuring out where an IF
begins and ends compared to other languages.

Fig. 01

    CLS
    REM Assumed from the sequence below: GPIO 0 = red, 1 = amber, 2 = green
    PinMode (0,1)
    PinMode (1,1)
    PinMode (2,1)
    REM GPIO 7 is the button input
    PinMode (7,0)
    CYCLE
      DigitalWrite (2,1)
      IF digitalRead (7) = 1 THEN
        Wait (1)
        DigitalWrite (2,0)
        DigitalWrite (1,1)
        Wait (1)
        DigitalWrite (1,0)
        DigitalWrite (0,1)
        Wait (5)
        DigitalWrite (1,1)
        Wait (2)
        DigitalWrite (0,0)
        DigitalWrite (1,0)
        DigitalWrite (2,1)
      ENDIF
    REPEAT
    END

Encrypt your email with
Thunderbird and PGP


Advisor 

Sean M Tracey is a creative technologist at a
leading digital agency. He spends a lot of his time living
inside of Node.js, Python and Arduino


Resources 

Ubuntu 14.04/Debian 7.7 

GPG www.gnupg.org 

Mozilla Thunderbird mzl.la/1pimzQ4 



Securing emails really isn’t that difficult 
- with open source tools at our disposal, 
world-class encryption is at our fingertips 


For years, we have been confident in 
our ability to transmit personal or 
sensitive information over the Internet 
securely. We bank, we shop, we send 
endearing messages to our sweethearts. It’s 
understandable then that we want to feel secure 
in the handling of services that involve dealing with 
money, lifestyles and friends. SSL, SSH, HTTPS 
- these are just a few of the protocols that we use 
every day that try to assure us of their absolute 


security. Regrettably, recent revelations have 
revealed that these trusted protocols are not as 
secure - or rather, not as unimpeded - as we once 
thought they were. 

In this tutorial we are going to look at how quickly 
we can use open source tools, in this case GNU 
Privacy Guard, to once again secure our private 
communications and ensure that the only people 
reading our messages are the people that we sent 
the messages to.

What is PGP? How does it work?

Sending messages securely has been
attempted for centuries. Secrecy has been of 
paramount importance in times of war, matters 
of finance or great personal deeds. Despite its 
importance, there are always caveats to sending 
messages secretly - how can we be sure of the 
message’s security? Are we certain that only the 
person who we intended the message for has 
actually received it and decrypted it? How do you 
encrypt something that can only be decrypted by 
the people you have selected? 

Phil Zimmermann had a crack at answering these
questions back in the early Nineties and PGP 
was his solution. PGP is a little different to other 
security methods; rather than having a single 
password or key that can encrypt and decrypt a file 
or message, PGP has two keys. These two keys are 
called the public and private keys. The public key 
is used to encrypt information and can be shared 
with anybody. The private key is one that you, as 
the creator of both of these keys, keep to yourself. 
When combined with the public key, the private key 
can decrypt the information that was encrypted 
with the public key. 

This system is perfect for messaging because 
anybody can have anybody else’s public key and 
encrypt data, but only the person that created 
the public key in the first place has the means to 
actually decrypt the encrypted information. 

Get GPG

Encryption is hard on the best of days.
Like many complex things in computing, we aren’t
just writing code to handle a task - we need to
be certain that the maths behind the concept is
sound, otherwise it’s all for naught. Fortunately,
today is one of those days where we don’t have to
worry about any of this because we have GPG (GNU
Privacy Guard).

If you’re running a modern Linux distro, you should
already have GPG installed on your system, but let’s
assume that you don’t already have GPG installed:

    sudo apt-get install gnupg

This will get you up and running on an Ubuntu or
Debian system. If you’re using another system, you
can download and build the source from
www.gnupg.org/download/index.html.

To check that your installation is valid, type gpg
--help into your terminal. If you see a list of options,
we’re ready to crack on.

Create our keys and identity

Now we’re at the point where we can
a keypair - these are the public and
private keys that were mentioned before. In your
terminal, enter:

    gpg --gen-key

...and you’ll see the following options present
themselves to you:

    Please select what kind of key you want:
       (1) RSA and RSA (default)
       (2) DSA and Elgamal
       (3) DSA (sign only)
       (4) RSA (sign only)

We’re going to be using option one, the RSA keys.
You’ll be asked what keysize you want for your keys.
The sizes vary depending on your system, but always
go for the upper bound of the options presented. This
is because the larger the key, the harder it will be to
brute-force the encryption in the future.

“This is because the larger the
key, the harder it will be to brute-force
encryption”


Next comes the expiration date for the key. 
We’ll be creating a revocation key in a little bit, 
so an expiry date for our keypair isn’t entirely 
necessary. If you don’t like the idea of a key that 
can’t expire, however, then enter an expiration 
time that suits you, otherwise just enter 0. GPG 
will then ask you whether you are sure you 
want to create a key that never expires; respond 
with yes. 

As this is the first time we’ve used GPG, we don’t 
have an identity to sign our keys with yet, so a 
prompt will ask us to do that now. 

You’ll need to enter your real name, a comment 
(often used to describe who you are) as well as 
a real email address. Once you’ve confirmed 
that you’re happy with what you’ve entered, you 
will be asked to enter a passphrase. This can be 
anything - make sure that you jot down a note of it 
somewhere, as you will use it to access and allow 
access to your keychain later.

Entropy and randomness

Now our system will ask us to continue
using our system while it generates random 
bytes. As we all know, a computer program that 
claims to be inherently random often isn’t. When 
observed over time, patterns begin to emerge 
in the randomness. By using our system as 
GPG creates random bytes, a certain amount 
of entropy is created - true randomness. Our 
interactions with the system and the response 
to those outputs will help GPG to create a 
truly random key. 

This may take a while, so just go about your 
business as normal. Play a game, make a cup of 
tea, watch that video of an adorable new puppy 
on Youtube and check back once in a while. 
(Tip: compiling something really helps speed the 
process along.) 

After some time, you’ll get something that looks 
like Fig. 01. This means that we’ve just successfully 
created our first keypair!

Revoke our key

Our key doesn’t have an expiration date.
This means that if, through some nefarious means,
somebody manages to get access to our private key
they would be able to read all of our encrypted data
and there would be little that we could do to stop it
from happening.

By creating a revocation certificate we can kill that
problem. It is pretty easy to do this - just enter the
following into your terminal:

    gpg --gen-revoke [[EMAIL_ADDRESS_YOU_ENTERED_WHEN_CREATING_KEYS]]

You’ll be asked for a reason for generating a revocation 
certificate. We don’t have a reason right now other 
than being overly cautious, but you can select any 
of the options you see fit and comment accordingly 
when asked. 

Next you’ll be asked for the passphrase you used 
when creating your keys, enter it and you’ll see an 
output such as this: 

    Please move it to a medium which you can
    hide away; if Mallory gets access to this
    certificate he can use it to make your
    key unusable. It is smart to print this
    certificate and store it away, just in case
    your media become unreadable. But have
    some caution: The print system of your
    machine might store the data and make it
    available to others!

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1
    Comment: A revocation certificate should follow

    [[DATA THAT MAKES UP YOUR REVOCATION KEY]]

    -----END PGP PUBLIC KEY BLOCK-----

“Interactions with the system and
the response to outputs helps GPG
create a truly random key”

Fig. 01

    gpg: /home/seanmtracey/.gnupg/trustdb.gpg: trustdb created
    gpg: key 49A3764A marked as ultimately trusted
    public and secret key created and signed.

    gpg: checking the trustdb
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
    pub 4096R/49A3764A 2014-11-12
    Key fingerprint = 84A5 21D7 2DB6 5BD3 8DB3 782D 82EF 6281 49A3 764A
    uid Sean M. Tracey (Creative Technologist) <sean@XXXXXXX.org>
    sub 4096R/042FE14E 2014-11-12

Just as the output says, put that certificate somewhere 
safe - preferably not on the same machine and 
definitely not on the Internet. 

Set up Thunderbird with Enigmail

So, we have a way of encrypting our emails.
Painless, eh? But there’s no way of sending or
receiving them yet. Well, let’s fix that now. We’re
going to install Enigmail for Thunderbird. Enigmail is a
nifty, free add-on that will handle signing,
encrypting, sending, receiving and decrypting all of
our secure emails.

Just open Thunderbird, then go to Tools>Addons
and search for and install Enigmail.

Restart Thunderbird, and once the restart
has completed you’ll notice that Enigmail is now
an option in your main application bar. Click on
Enigmail>Setup Wizard and we'll have the keys that
we generated moments ago now assigned to our
email inbox.

To set up our keys for Thunderbird properly, you
should answer the wizard questions like so:

    1) Which general mode do you prefer to encrypt outgoing mail?
       - Convenient Auto Encryption
       and
       - Sign all of my messages by Default

    2) Do you want to change a few default settings to help
       Enigmail run better on your machine?
       - Yes

    3) I want to select one of the keys below for signing and
       encrypting my email
       - [[ SELECT THE KEY WE JUST CREATED WITH GPG ]]

That's it then, we’re all set up to send and
receive encrypted email. At least, our mail client
is. In order for people to be able to send us
encrypted messages, they need access to our
public key - otherwise how will we know what to
decrypt if we don’t tell them how to encrypt their
message? It may seem counterintuitive to give
away our own key when talking about security, but
that’s exactly what we want to do. In fact the more
people that have our public key, the better - so let’s
share it!


“What we need instead is a central 
repository specifically for keys” 


Share our public key

One way to get our public key out into
the world is to email it to all of our contacts that
we would expect to email us. If you only intend
to send secure emails to a select set of people,
this solution is probably best for you - but that
would be no good to somebody who has
never emailed us before. We could put our keys
on a server, but how will people know how to
find it? What we need instead is some sort of
central repository specifically for keys. That’s
exactly what a public keyserver is for. You can
add your public key to any keyserver you like -
GPG comes with a preassigned default,
keys.gnupg.net, and it’s pretty well known so
we’ll upload our key there. All you have to do
is enter:

    gpg --list-keys

You will now get an output of all the keys you’ve
created. You should see something along the line of
“pub 4096/[[UID]] 2014-30-10”. Copy the unique key
ID you see and then enter:

    gpg --send-keys [[UID]]

You’ll then get:

    gpg: sending key [[UID]] to hkp server keys.gnupg.net

This indicates that everything has gone well.

If you want to upload your key to a different server,
point the same command to a different location:

    gpg --send-keys --keyserver the.keyserver.address YOUR_KEY_UID


All that’s left to do is test our setup, so let’s send an 
email. First we need to pick a person to send it to. 


Add somebody else’s public key

As mentioned before, we need a
public key to send an encrypted email that only
the intended recipient can decrypt. If somebody
has sent you their public key through an email
(which will have a .asc extension), there are
two ways you can add it to your keychain for
usage. Assuming everything is behaving with
your Thunderbird setup (and that you’ve opened
the email with the key in Thunderbird), double-click
on the .asc attachment. Thunderbird
should recognise it as a public key and ask you
whether you’d like to import it or not. If you
answer yes, then you’re set to go. However, if you’re
more of a command line person, then we can
use GPG to add the certificate to our keychain.

Move the .asc file to somewhere accessible on
your system (for example, your home directory) and
cd to there with:

    cd ~/
    gpg --import someone_elses_key.asc

This will import the public key to your keychain, and
now you’re ready to send a message.
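
A successful import only means the file parsed; it says nothing about whose key it is. As an added example (not part of the original article), the script below compares the full fingerprint in a GnuPG 1.x style listing, like the key-generation output earlier in this tutorial, with a fingerprint obtained from the key's owner through another channel. The look-alike listing, the retyped EXPECTED value and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify an imported key by its full fingerprint, not its key ID.
# Parses the GnuPG 1.x listing layout shown in this tutorial's key output.

# Listing of the tutorial's own key (values taken from the article's output).
LISTING_GENUINE='pub   4096R/49A3764A 2014-11-12
      Key fingerprint = 84A5 21D7 2DB6 5BD3 8DB3  782D 82EF 6281 49A3 764A
uid                  Sean M. Tracey (Creative Technologist) <sean@XXXXXXX.org>
sub   4096R/042FE14E 2014-11-12'

# Constructed look-alike: same name and 8-character key ID, different key.
LISTING_LOOKALIKE='pub   4096R/49A3764A 2014-11-13
      Key fingerprint = 0F1E 2D3C 4B5A 6978 8796  A5B4 C3D2 E1F0 49A3 764A
uid                  Sean M. Tracey (Creative Technologist) <sean@XXXXXXX.org>'

# Fingerprint as the owner might read it out or print it (constructed input:
# lower case and different spacing, as happens when it is retyped).
EXPECTED='84a5 21d7 2db6 5bd3 8db3 782d 82ef 6281 49a3 764a'

# Remove whitespace and upper-case the hex digits so that spacing and case
# differences never cause a false mismatch.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Print the normalised fingerprint found in a listing (empty if there is none).
fpr_from_listing() {
    normalize_fpr "$(printf '%s\n' "$1" \
        | sed -n 's/^ *Key fingerprint = //p' | head -n 1)"
}

# Print the short key ID from the "pub" line (the part after the slash).
short_id_from_listing() {
    printf '%s\n' "$1" \
        | sed -n 's|^pub *[0-9]*[A-Za-z]/\([0-9A-Fa-f]*\) .*|\1|p' | head -n 1
}

# verify_key LISTING EXPECTED_FINGERPRINT
# 0 = full 40-digit fingerprint matches, 1 = mismatch,
# 2 = the listing holds no well-formed fingerprint.
verify_key() {
    got=$(fpr_from_listing "$1")
    want=$(normalize_fpr "$2")
    case "$got" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#got}" -eq 40 ] || return 2
    [ "$got" = "$want" ] || return 1
    return 0
}

# Print a one-line verdict for a listing; the exit status is verify_key's.
report() {
    verify_key "$2" "$EXPECTED"
    rc=$?
    case "$rc" in
        0) echo "$1: fingerprint matches, key can be used" ;;
        1) echo "$1: key ID $(short_id_from_listing "$2") looks right but the fingerprint differs, do not use" ;;
        *) echo "$1: no usable fingerprint in listing" ;;
    esac
    return "$rc"
}

report genuine   "$LISTING_GENUINE"   || true
report lookalike "$LISTING_LOOKALIKE" || true
```

With a real keyring the listing comes from gpg --fingerprint followed by the sender's address. GnuPG 2.1 and later lay the listing out differently, so this parser is tied to the layout shown in this tutorial.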

Give encrypted email a whirl

With Thunderbird, compose a new
message just as you normally would. Make sure the
person you send the email to is somebody whose
public key is in your keychain. Just before you hit
that lovely send button, tap the Enigmail button
in the UI and check that this email will in fact
be encrypted. If that’s not the case, just select 
the options from the drop-down menu. If 
Enigmail recognises the recipient you intend to send 
the email to, it will automatically select that person’s 
public key to encrypt the email with. If the recipient 
is not recognised, a prompt will appear asking 
you to select the appropriate key as you try to send 
the email. 

Once the recipient has been selected and the 
message encrypted, the email will be sent on its 
merry way. 


Receive emails

The neat thing about Enigmail is that when
somebody sends you an encrypted message, it
decrypts it for you on the fly! Same user experience,
much better privacy.


Round up

We’ve looked at how PGP works, creating and
sharing our own keys, setting up our email clients to 
handle those keys, and sending and receiving emails. 

Despite the prevalence of other options, email is 
still king when it comes to digital communication, 
and still the vast amount of it is unencrypted. When 
asked about email security, people often answer it’s 
not a concern because they’ve got ‘nothing to hide’.
Well, that’s not the point - privacy is not a privilege, 
it is a right, and it is one that people should opt for 
more often.

The main modules of OrangeHRM.
Clicking on one of them takes you to the
respective module's landing page

Sub modules appear in this orange
menu bar once you have selected one
of the main modules

Search for an employee by name, ID or any
other details. The search is very flexible
allowing a search in spite of populated fields

Employee details are added here. The Add button reveals a new
form which allows you to type in a new employee's details

List of employees already in the system. Clicking a
name will reveal information about the employee

Simplify HR management
with OrangeHRM

Employees are the most important part of any organisation and
management tools are essential in maintaining efficiency

Advisor

Nitish Tiwari is a software developer by
profession and an open source
enthusiast by heart. As well as
writing for leading open source
magazines, he helps firms set up
and use open source software for
their business needs.

Resources 

OrangeHRM www.orangehrm.com 


For any organisation, whether a small one 
with few employees or a multinational 
corporation with several branches 
worldwide, managing human resources is 
always an important but difficult task. It is important 
because the employer needs to track key metrics and 
strategise accordingly to keep the employees in good 
spirits. It’s also difficult because HR management is a 
diverse field with so many things to be managed; leaves 
of absences, performance, logged hours, employee 
profiles, salaries and a lot more. While organisations 
are now increasingly becoming aware of employee 
needs, leaving no stone unturned in making sure 


employees remain happy, the hunt for a great HRM tool 
sometimes proves to be the difficult part. 

In this tutorial we will have a look at one of the most 
renowned and popular open source HR management 
tools - OrangeHRM. With the first beta release in 
2006, it has continuously grown and is now used by 
one million users worldwide. OrangeHRM supports 
all the important aspects of HR management and is 
ridiculously easy to deploy and use. Given the ease of 
installation, configuration and use - and robustness - 
it is useful for all types of organisations, from startups 
to multinationals. In this tutorial we have used the 
stable release version 3.1.2.

Installation

For Linux (and OS X) the source code
is available for download as a ZIP file. Once you
download it, just unzip and place the contents in
the root folder of your web server. You will need a
web server and database preinstalled though - a
LAMP/MAMP server, for example. If you also need to
set up OrangeHRM on a Windows system, a bundled
installer is available - complete with web server and
database. Once you've downloaded and unpacked
everything that you need, access the folder via a web
browser - the URL should be something like:
http://localhost/orangehrm. If everything is fine, the setup
wizard welcomes you with an option to freshly
install OrangeHRM or upgrade an existing setup. As
you proceed with a fresh installation, you will need to
provide the database root access (if the database
for OrangeHRM is not created) or just the details
of a database already created for OrangeHRM. You
can then create the admin user ID and password.
Finally, you have the optional registration before the
installation finishes.



Administration and configuration

As you log in as an admin you can see
several tabs corresponding to different functional 
areas. Under the Admin tab, you have the User 
Management, Job, Organisation, Qualifications, 
Nationalities and Configuration sections. You can 
set shift hours under the Job section. Employee 
qualifications can be set under Qualifications. 
Configuration lets you enable/disable different 
modules, configure email using sendmail or SMTP, 
and subscribe users to email notifications. While 
the other sections names are self-explanatory, 
there are few important tips you will find useful 
- User Management corresponds to the system 
users, and so you can’t directly add a user. You will 


need to add the employee first (more about that 
in the next step) and they can then be added as a 
system user under the User Management section. 
A user can have only two roles: ESS (employee self 
service) and admin. Roles are not to be confused 
with job titles; there can be several job titles (which 
can be created under the Job section).

Employee management

The PIM, or Personal Information
Management, section is the place where you 
can manage the employees’ data. Click on the 
Add Employee link and just fill the relevant details. 
If you select Create Login Details, a system user 
for the employee is created as well. Otherwise you 
can add employees as system users through the 
user management option under Admin tab. You may 
think that the fields for employee details are too few 
to capture all the details, but as you click Save after 
filling the details, you can see the full view of the 
employee details page. This page lets you view and 
modify all the details related to an employee like 
personal details, contact info, dependents, salary, 
organisational hierarchy and much more. You can also 
add custom fields under employee details page - just 
go to the Configuration tab under the PIM section 
and click Custom Fields. There are a few option fields 
available as well.

Leave management

The next section is the Leave section. When
you go to the Leave tab, new subsections are visible: 
Entitlements, Reports, Configuration, Leave List and 
Leave Assignment. To set up Leaves, you can start 
with the Configuration tab. Here you can create leave 
types (like sick, casual and more), list out holidays 
for the year, configure working days of the week and 
set the leave period (one year durations with leave 
entitlements are valid). After Configuration, you can 
then head over to the Entitlements section; this is the 
place to add leave entitlement to employees. Based 
on these entitlements and corresponding leave 
balances, employees can then apply their leaves. The 
Leave List section shows the leave data for the total 
leave period. The Assign Leave section allows the 
admin to grant leave without the employee applying 
for it. 


Time writing - attendance

Attendance tracking is a very sensitive
issue; even a small error in logging the in and out 
times can cause big problems (at least for the 
reputation of an employee). OrangeHRM provides 
a neat way to track the attendance. Just head over 
to the Time tab and you can see the Attendance 
section inside. Here you can view employee 
attendance records or configure things like whether 
or not an employee or supervisor can modify the 
attendance records. Note that you're currently
logged in as admin, but to log attendance
you should be logged in to the system as an ESS
user. Just make a user with the ESS role and log 
in. After that, just go to Time>Attendance>Punch 
in/out and click In. The system automatically logs 
the date and time. The page refreshes to show the 
Out option now. 

Time writing - timesheets

While attendance is used to track the actual
hours spent in office, timesheets generally track the
time spent on various activities inside the office, and
the data is used for budgeting purposes. So before
adding timesheets, you need to add customers and
corresponding projects. Also, with each project the
related activities should be added. To add these
details, head over to Time>Project Info>Customers.
After adding the customer, add projects using the 
Project link just below Customers - activities can 
also be added in the same page. Now you are ready 
to add timesheets. As an admin, you can add or 
view the timesheets of all the employees just by
going to Time>Timesheets>Employee Timesheets.
This page also shows the submitted timesheets,
which have actions pending from your end.
An ESS user can add and edit their timesheets using
their own login.



Performance management - employer

In this section we will have a look at how to set up
performance management using the admin interface.
The performance management in OrangeHRM is
based on KPIs, ie the key performance indicators. For
every job title in the organisation, the corresponding
KPIs, along with the maximum and minimum rating
points, need to be created. Every employee can
then be automatically evaluated based on the KPI
of their job title. To set KPI go to Performance>Add
KPI. You can select the job title and then add the KPI;
the maximum and minimum ratings are optional but
should be added to ensure uniformity in ratings. You
can check all the KPIs added in the KPI List page. After
adding the KPI you need to go to the Add Review page
to initiate the review process for an employee. In the
next section we see how it all looks to the employees.

08 Performance management - employee


After the review process is initiated by the admin, 
the reviewer and the reviewee can view it under 
Performance>Reviews link. Only the reviewer 
can open it though, to add their reviews. After the 
reviewer adds reviews and ratings, and submits 
the form, the admin then needs to approve the 
review before it is made available to the employee. 
Once the admin approves the review, no further 
changes can be done - even by the admin. Note 
that the reviewer for an employee is completely 
independent of the organisational hierarchy, so 
anyone from the employee pool can be added as a 
reviewer for the employee. 


09 Recruitment

OrangeHRM lets you manage the
recruitment process as well. From publishing a
vacancy to handling job applications to shortlisting
and hiring - you can do it all with OrangeHRM.
Let’s see how to get started. Click on the link
Recruitment>Vacancies; this is the page where you
can add the vacancies. As a vacancy is created, a
web link and an RSS feed are created, which are available
publicly. This link not only has the full vacancy details
but also allows candidates to apply via a form. Later,
as someone applies, the candidate page (next to the
vacancy link) automatically gets updated with the
details. You can then click on the candidate name to
manage the application. The application goes through
the steps of shortlisting, scheduling interviews,
interview results, offering the job and, finally, hiring.
After you hire the candidate, the employee entry
for the candidate is created automatically. You
would need to manually create the login for the new
employee though.

10 Reports

Several modules of OrangeHRM have the
option to generate reports. Let’s have a closer look at
what each one of them has to offer. In the PIM section,
the Reports tab lets you create custom reports which,
once created, can be saved and used later. As you
click on Reports the Define Reports page appears.
Here you can create reports related to employee data
such as employee’s name, grade, job title, education
and so on. The Leave section allows you to generate
reports related to leave entitlements and leave usage.
There are no custom reports here though, only a fixed
set of reports. The Time section also has its own set of
fixed reports. Project Reports shows the time spent
on a project and its activities by all the employees,
whereas Employee Reports shows the time spent by an
individual employee, categorised by different projects
and activities. While the first two are related to
timesheets, Attendance Summary lets you see the
attendance details of an employee.


Most people migrated from command-line mail decades
ago, but it’s still there if you need to quickly attach a file


aria2 handles torrents, as well as downloading, from a 
variety of different sources 


Use the Web from the terminal

Advisor

Richard Smedley

A Unix jack-of-all-trades, Richard
always has a shell open so learnt
scripting by osmosis. It’s not that he
dislikes GUI apps. He just loves
the command line. A lot.

Resources

Surfraw surfraw.alioth.debian.org

cURL curl.haxx.se

wget .org/software/wget

youtube-dl

get_iplayer

get_flash_videos

Browsers are great, but the command line
saves time when searching, downloading
and communicating on the Internet

From almost every app being on the
command line to doing everything
through the web browser, GNU/Linux
has come a long way towards user-friendliness.
But in always using that ever-present
Firefox or Chromium session, something has been
lost along the way.

Every tab opened on the browser is time wasted
in mouse operations and in seconds ticking away
for the World Wide Wait for an AJAX-heavy page to
load. Just as many GUI apps have arguably better
equivalents on the command line, so too do many
daily operations you carry out on the web have
quicker terminal equivalents that can save time.

We’re not just talking about saving a couple
of seconds; going from an SSH session, checking
logs on your server, to opening a web browser
for a search on something involves moving
concentration away from your project, as the sight
of all of your open tabs beckons you to a multitude
of distractions.

Remember, this isn’t about replacing GUI apps
with terminal ones - we’re not covering browsers
and IRC clients here; it’s about getting things done
on the web with a quick command in your terminal.
We’ll cover downloading and sharing, but let’s start
with where commands should be a natural fit:
searching the web.

Before WikiLeaks

Surfraw stands for the Shell User's
Revolutionary Front Rage Against the Web, and was
written by Julian Assange many years before he
became better known for another project. Surfraw is
installable through your package manager and it will
bring web searches to the command line.



Surfraw

Putting search on the command line is a
good fit, as you simply put:

| sr google raspberry pi

...and you’ll be looking at Google search results for
Raspberry Pi in a sensible default browser (w3m on
most Ubuntu systems). Other command line, or GUI,
browsers can be set in the config file (note: all file
locations given may vary depending on the distro).



Elvi search scripts

You can see more than a hundred available
search options with:


Elvi are the search scripts for various engines or 
sites. You’ll find them in /usr/lib/surfraw/ and they, 
as well as surfraw options and arguments, are 
tab-completable. 


[Screenshot: Wget terminal output, saving successive chapter pages of a site over a reused HTTP connection]


Changing web

While some defaults are growing out
of date - the late, lamented ntk and freshmeat
feature are just two examples - Surfraw is
still ready to go with many still useful search
directories and is still being updated, with GitHub
and jQuery docs among those added in the last
release. Creating your own is left as an exercise for
the reader.

Def and defyn

The commented config file is /etc/xdg/surfraw/conf -
def and defyn are used here to define
variables. The latter defines Boolean values such as:

| defyn SURFRAW_graphical no

You can create per-user scripts in ~/.config/surfraw/conf
with sh-style entries:

| SURFRAW_graphical=no



Get Wget

You’ve probably used GNU Wget before to
grab a particular file or binary resource from a remote
server. Add the -O option to specify a destination:

| wget -O ~/bin/dropbox.py "https://www.dropbox.com/download?dl=packages/dropbox.py"

Fetch and clone

The two most useful options are -c, to
resume an interrupted download (even one started
by another program), and -r, which is a recursive
fetch to a default depth of five directory levels,
enabling you to fetch or clone whole websites.


06 In your script

The other side of the command line is shell
scripting, to chain together utilities in repeatable
programs. For this, Surfraw has a -p option to pass
the URL to STDOUT instead of the default browser
and an -o option to specify a text file to dump the
browser’s html.

| sr -p rhyme -method=perfect orange

Tips and tricks

Wget may be more primitive than the two
rivals on the next page, but you’ll find many Wget
tricks for working around blockages to downloads,
so you can grab a particular resource from, say, your
command-line-only server. The -e switch enables
many useful commands:

| wget -e robots=off

cURL fetching

Handy as Wget is, cURL is a far more flexible
fetching friend and it sends too. It’s invaluable
for quickly checking the state of your sites with:

| curl -I gonetoearth.org

curl -I passes the headers of a site to the terminal.

Two-way street

cURL writes by default to STDOUT, which is
handier for scripting, but -O will save the resource
and a lowercase -o lets you specify a name to save
as. When you’re directing the output away from the
terminal, cURL displays a progress meter there.

Credentials can be passed with -u to both http
and ftp sites, and uploads to the latter made with the
-T switch.

| curl -u username:password -T "{file1,file2}" ftp://ftp.myserver.com -T {"patch1,module1"} ftp://ftp.mywebserver.com

curl -X lets you specify PUT or POST methods
instead of GET, for testing site features, even
multipart forms.

Change the MOTD

Looking for a change from your distro’s usual
MOTD (the message that greets you upon login)? Let
cURL grab you a headline, joke or anything else from
the multitudinous resources of the web.

This command, for example, courtesy of
bashoneliners.com, will give you a randomised
string of corporate management jargon which may
well be indistinguishable from recent communiques
from your bosses:

| curl -s http://cbsg.sourceforge.net/cgi-bin/live | grep -Eo '^<li>.*</li>' | sed s,\</\\?li\>,,g | shuf -n 1

Grab with aria2

Wget is installed by default almost
everywhere and cURL is attaining default status
too. By contrast, aria2 is not so well-known,
but it’s a good way of grabbing the latest ISO -
or any file or software, as metalink tries to
look for the best version by location, language
and OS.

Share the (down)load

Aria2 works with torrents, which remain the
best way for downloading distros. Everything from
upload throttling to share ratio can be specified on
the command line.

| aria2c --seed-time=120 --seed-ratio=1.0

| aria2c --seed-time=120 --seed-ratio=3.0 http://releases.ubuntu.com/14.04.1/ubuntu-14.04.1-server-amd64.iso.torrent

Don’t repeat - Config it

Whether aria2, Wget or anything else, using
the same options twice is a strong hint that
you should start to open up the config file and
set some sensible defaults for your most
common actions.

Aria2’s config file saves you retyping
command line options such as where you want
downloads placed, the rate limits for torrents, and
the log level.

Uncomment and change the defaults as needed
- but if your distro doesn’t install a config file set
your own:

| log-level=warn
| max-connection-per-server=4
| min-split-size=5M
| on-download-complete=exit
| listen-port=60000
| dht-listen-port=60000
| seed-ratio=2.0
| max-upload-limit=50K

[Screenshot: aria2.conf open in a text editor]

| # Download Directory: specify the directory all files will be downloaded to.
| # When this directive is commented out, aria2 will download the files to the
| # current directory where you execute the aria2 binary
| dir=/home/richard/Download/
|
| # Bit Torrent: If the speed of the incoming data (download) from other peers is
| # greater than the peer-speed-limit, then do not allow any more connections
| # than max-peers. The idea is to limit the amount of clients our system will
| # connect with to reduce our overall load when we are already saturating our
| # incoming bandwidth. Make sure to set the peer-speed-limit to your
| # preferred incoming (download) speed. Speeds are in kilobytes per second or
| # megabytes per second and must be whole numbers. 5.5M is illegal but 5500K
| # and 5M is valid
| bt-max-peers=55
| bt-request-peer-speed-limit=5M


On the Beeb

Get_iplayer is a handy little Perl script
that, almost since the launch of the BBC’s iPlayer
service, has brought programme catch-up to
non-x86 platforms and those without a fast enough
connection to stream in real time.

It occasionally has to play catch-up with
changes to the service and, as we go to press,
the BBC has dropped the programme data
feeds that gave get_iplayer search and PVR
capabilities. See squarepenguin.co.uk for any
updates on this.

Download by number

Get_iplayer still works with the pid you
see embedded in the iPlayer web page URI for
each programme you might want to download,
so although you’ll need to browse the website
until there’s a workaround, you can at least grab a
programme like this:

| get-iplayer -no-purge --pid p01x5k4n

YouTube downloader

YouTube is a massive knowledge repository,
containing instructional videos on everything from
Beagle Boards to natural swimming pools (ie big
ponds). They’re great for a long train journey where
an intermittent Internet connection would make life
difficult. Download ahead of time with youtube-dl
(which also works with some other sites); just feed it
the URL:

| youtube-dl http://youtube.com/watch?v=za8FMIWYtUc

If older versions give a 403 error, update or change
https to http in the command, as above.

Flash without the web

Get_flash_videos will usually help on sites
where youtube-dl fails, but not always. With both
apps, get into the habit of double-quoting URLs, so
the shell doesn’t try and interpret special characters
like &.

Shared storage and cloud services

Free and open cloud services are appearing
with the burgeoning IndieTech movement, but
Dropbox is still the service that most of us have
accounts on - particularly as we often have to share
files with other users for work. It’s a reasonable place
to keep extra copies of config files you share across
machines, for example.

The command-line Dropbox script, which starts
the service with dropbox start, saves you running
the resource-hogging Nautilus. Use symbolic links to
save from disrupting your normal file hierarchy:

| cd ~
| mkdir Dropbox/.emacs.d
| ln -s Dropbox/.emacs.d

Avoiding Dropbox and others with proprietary
components usually means setting up your
own Cloud server, but Seafile, which is aimed at
collaborating teams, offers 1GB free at seacloud.cc.
It also offers software for your own server. Seafile
is hosted on Amazon Web Services and written in
Python; it’s well worth comparing with other ‘own
cloud’ solutions.

Mail servers

We’re browsing, downloading and sharing
without the Browser, but don’t forget command-line
email goes back decades before the web. Mutt
is still one of the most efficient mailers out there -
whether you’re on Gmail, or your own mail server.

Whether you’re using the built-in mail (you may
need to install mailutils) or go with Mutt, the syntax
is similar:

| mail -s "Hello, World!" hi@gmail.com < body.txt



Browser commands

If you like the power of the command line,
but really spend more time in a browser than a
terminal, try YubNub.org - a command-line-style
web interface to search engines and more. Check out
yubnub.org/kernel/most_used_commands to see
the most popular of the tens of thousands of user-contributed
commands.

Real-time log monitoring
with Swatch

Get notifications from predefined log events by
setting Swatch to monitor for certain keywords

Advisor

Swayam Prakasha

has a master’s degree in computer engineering.
He has been working in IT for years, focusing on
areas like operating systems, network security
and electronic commerce

Resources

Swatch bit.ly/1KXNNDb

Swatch stands for Simple Log Watcher
or syslog watcher, depending on
whom you ask. Either way, Swatch is
a helpful program that does your log
watching and notifies you only when things that
you are specifically looking for get logged. Note that
Swatch is a Perl program that regularly sweeps
the main log files and looks for certain keywords
that you can define. It can be run in two ways: in
the background as a daemon or as a cron job. You
can configure Swatch to alert you of any events in
the messages or syslog log files that might indicate
a security problem. However, Swatch can also be
used to flag just about any kind of activity: a certain
program being used, a particular user logging in or
anything else that might appear in a log file. Swatch
can be configured to watch application-specific
log files instead of the general log files that it does
by default. Swatch is a Linux tool that helps in
monitoring the log files as they are being written to.
It then takes necessary action if it finds something
that it is configured to look for. This tool can be used
as a way to proactively scan log files in real time for
various suspicious activities, error messages or
specific keywords.

In brief, Swatch basically started out as a simple
watchdog for actively monitoring the log files
produced by UNIX’s syslog facility. Since then, it
has evolved into a utility that can monitor just
about any type of log. You can consider Swatch as a
command line utility that can be started by issuing a
swatch command with various settings following.

Please note that certain events that are
logged have a great significance from a security
standpoint. The default items that Swatch looks for
are a good start:

• Bad logins: when the words ‘invalid’, ‘repeated’ or
‘incomplete’ appear in the messages file

• System crashes: when the words ‘panic’ or ‘halt’
appear in the log files

• System reboots: the banner of your OS should only
appear in the log files when you reboot
Note that Swatch requires Perl 5 or higher. If you
have a fairly new installation of Linux or BSD, then
you should have a sufficiently current version.

Swatch requires multiple Perl modules to be
installed in order to function correctly. You must
first install CPAN and download each module via the
CPAN console. In order to install these modules, you
may be prompted to install additional modules as
well - the configuration process will tell you if you are
missing any of these.

We will need to use the following command to
ensure that the required Perl modules are installed:

| cpan -i module-name

...where module-name needs to be replaced with
Date::Calc, Date::HiRes and then Date::Format.
Download the tar file from the SourceForge website
and unzip it.

Use this command to extract the files:

| tar -zxvf swatch-3.2.3.tar.gz

Since Swatch is a Perl program, the installation
process is slightly different to usual. Here is the
sequence of commands that you’ll need to follow:

| perl Makefile.PL
| make
| make test
| make install
| make realclean

Once these processes are done, Swatch is installed
and you are now ready to go.

After installing Swatch, you will be interested in
creating a configuration file. If we look at the contents
of the Swatch configuration file, you can see that the
syntax is very simple. All it requires is a definition
of what to search for followed by an action for if a
specific match is located. It is important to note that
Swatch utilises Perl regular expressions to define the
search parameters and perform a variety of actions
(turn to page 56 for more on regular expressions).

First, you need to create an empty file to be used
as a configuration file. The normal practice is to
create this file under /etc, and you can modify it by
using any basic text editor. The Swatch configuration
file is where you’ll find all of the important settings,
and inside this file, called swatchrc by default, you
can tell the program what to look for in the log files
and what to do if it shows up. Since the whole point
of Swatch is to simplify our lives, configuring Swatch
is pretty simple because everything is controlled
by that single file: $HOME/.swatchrc (by default).
It contains text patterns in the form of regular
expressions that you want Swatch to watch for. Each
regular expression is followed by the action(s) you
wish Swatch to take whenever it encounters that text.

The configuration file syntax begins with a
watchfor keyword. Basically, this line instructs
Swatch to search for specific patterns in the form
of regular expressions. Each watchfor line is then
followed by an action.

There are two options available in swatchrc to
specify the patterns to look for. They are:

- watchfor regex - an appropriate action will
be taken when the regular expression specified
in regex is found within the file or command
being monitored

- ignore regex - take an action when there is
any activity within the file or command being
monitored, except for events that match the
expression specified in regex

In the following example, we will simply output the
log entry to the console if an SSH connection has
been established by issuing the echo action.

| watchfor /ssh/
|     echo bold

Let us take a quick look at some of the options that
are available with Swatch:

Option                    Description

--config-file filename    Run Swatch using the specified filename as
                          configuration file. If no filename is given,
                          use the default one
--restart-time time       Restart Swatch at the indicated time
--daemon                  Run Swatch as a system daemon
--examine file            Make Swatch do a complete pass through the
                          specified file
--tail-file               Swatch reads only the newly added lines in
                          the file
--help                    Display a short help summary
--version                 Display the version of Swatch

For example, the following command:

| ./swatch --config-file /home/swayam/my-swatch-config --daemon

...will run Swatch using the
configuration file found at
/home/swayam/my-swatch-config instead of the
default configuration file. It will also run it
as a background process or daemon. Please
note that the above options may be issued alone
or together.

Swatch expects the .swatchrc file to live in
the home directory of the user who invokes the
program. Swatch also keeps its temporary files
there by default. Each time it’s invoked, it creates
and runs a script called a watcher process,
whose name ends with a dot followed by the PID
of the Swatch process that created it. However,
Swatch generally doesn’t clean up after itself
very well; instead it tends to leave watcher-process
scripts behind. Consequently, users
are expected to keep an eye out and periodically
delete these in their home directory.

The option --tail-file=[path to log file]
directs Swatch to watch a specific log file for
potential matches.

An interesting feature of Swatch is that you
can run multiple instances of Swatch, each
configured to use a customised configuration
file and watch a different log file. Some of the
common log files that Swatch can use are
listed below.

• /var/log/maillog - logs all email messages

• /var/log/cron - logs messages about cron
job schedules

• /var/log/messages - logs system messages

Sample setups

Generally, developers come across
typical scenarios where they need
Swatch to monitor situations like
unexpected restarts. A typical
configuration would be
watchfor /halt|restart|panic/. You then add actions such
as ringing the PC speaker using the bell
keyword and sending an email alert to the
system administrator.

Also, be sure to specify multiple
email addresses for different people
whenever there is a critical watchfor
section, like this:

| watchfor /ssh.*failed/
|     mail addresses=admin1\@company.com:admin2\@company.com

Let us understand all of the actions that Swatch
can take when a specific search is found. Swatch
provides a variety of actions that you can perform
in response to a matched event. You can output
alerts to the console, pipe output to another log file,
send email alerts or even execute a remediation
script. More than one action can be applied to a
single event, therefore you can combine these to
suit your personal requirements. The following table
illustrates various Swatch action statements:

Action statement          Description

echo [mode]               The search text can be echoed onto the
                          screen. Note that mode is optional and
                          indicates the colour in which it is to be
                          displayed, eg echo magenta
bell [number]             This rings the PC internal speaker the
                          number of times indicated
exec [command]            Executes a command line parameter. You can
                          configure this to call a script that can
                          then take further action
pipe [command]            This passes along a command to another
                          process
write [user1]:[user2]     It causes an alert to be sent via the UNIX
                          write command and can be sent to one user
                          or a group of users
mail addresses=[address1]:[address2]:[add3],subject=[text]
                          Sends an email using the Sendmail program
                          to a single email address or multiple email
                          addresses that are separated by colons
throttle HH:MM:SS         Wait for HH:MM:SS (period of time) after a
                          line triggers a match, before performing
                          actions on another match of the same
                          expression

As can be seen from the table, Swatch can notify you
of flagged log events in several different ways. The
easiest is to have it beep or echo on the screen. If you
are not around the server all the time then you can
have it email you. If your pager or cell phone supports
text messaging via email then you could have it send
the message directly to you. You can also write a
script to have the server dial a pager number using
the UNIX tip command.

Echoing the log output is considered one of the
most basic functions of Swatch. This can be utilised
as a way to gain the attention of the user (if they are
currently using the console) by outputting the log
contents to the console.

To utilise the echo action, simply issue the echo
keyword underneath the watchfor line as follows:

| watchfor /su|sudo/
|     echo [formatting keywords]

Although it is very basic, we can note here that echo
offers a variety of formatting methods in which to
display alerts. You can set the text colour, underline,
bold, strike-through, flash text, as well as combine
multiple formatting keywords.

Swatch can alert a user when there is a positive
match by issuing a bell sound. The following example
illustrates this:

| watchfor /su|sudo/
|     bell [total # of rings]

In what is considered a more efficient way of alerting,
you can configure Swatch to send you an email
whenever there is a match for a specific event.
This can be considered a convenient way to alert a
system administrator of real-time events without
requiring them to be at the console. Let us take a
look at an example: we will be sending an email to the
administrator if a new application has been installed
on the system. Note that the address contains an
escape character for the email address \@ - this
is required for Perl to format the address correctly.
Also, if you would like to send spaces within your
subject line, you must place an escape character
prior to each space:

| watchfor /[iI]nstalled/
|     mail addresses=admin_person\@mycompany.com,subject=Unauthorised\ Application\ Installation

Swatch in summary

Although Swatch is limited in its abilities,
it proves to be a very powerful tool to
implement alongside other security
products to proactively monitor system
logs. The goal of a system administrator
should be to run Swatch neither ‘too
hot’ (alerting us to routine or trivial
events) nor ‘too cold’ (never alerting us
about anything). Swatch gives system
administrators great log monitoring
options; as a result, it’s a perfect tool for
monitoring SSH or Denial-of-Service
attacks on your Linux servers, possibly
alerting you to trouble before it’s too late.

It is important to note here that the throttle action
helps to prevent denial of service attacks via Swatch
(eg deliberately triggering huge numbers of Swatch
events in a short period). In other words, throttle
gives Swatch the intelligence to ignore repeated
occurrences of a given event, potentially preventing
minor events from becoming major annoyances.

[Screenshot: terminal output from running perl Makefile.PL and make in the swatch-3.2.3 directory]
You’ll see lots of prerequisite warnings as you run the make steps

As a part of remediation, Swatch has the ability
to execute a secondary script if a specific event has
been detected. This functionality of Swatch could
trigger a further action or actions in response to
an event. The syntax requires you to use the exec
keyword, which accepts some bash, Perl and other very
useful commands.

The following example illustrates this as we direct
Swatch to execute a remediation Perl script if it
detects a port scan against the system:

| watchfor /[cC]onnection closed by/
|     exec "perl /usr/bin/custom_remediation.pl"

Another important scenario where Swatch can be
used is to avoid a storm of alert messages. That
is, we can configure Swatch to take a specific
action only if it detects a certain number of similar
events within a certain timeframe. Let us consider
a scenario where there are multiple SSH failed
log-in attempts within a specific time period. We
can configure Swatch to search for this case and
take an action, sending a message to the system
administrator as well as outputting a log message
to the console. The following configuration will handle
such a case:

| watchfor /ssh.*failed/
|     echo bold
|     mail addresses=admin_person\@mycompany.com,subject=Possible\ SSH\ Brute\ Force\ Attempts
|     threshold track_by=$1,type=threshold,count=5,seconds=10

We can note in this example that we have set the
threshold here as five failed attempts to log in to
the system within ten seconds, although you can of
course set your own.
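
The throttle and threshold behaviour described above, modelled in Python over constructed sshd log lines (an added example, not Swatch's own code and not part of the original article). It assumes the pattern captures the source address so that there is a key to track by, since $1 is the first capture group in Perl; the class names, the sample addresses and the 60-second throttle are illustrative, and the counter reset after firing is a simplification.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# One capture group: the source address is the tracking key,
# playing the role of $1 in "track_by=$1".
FAILED_LOGIN = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port")


def _line(hms, ip, ok=False):
    """Build one constructed syslog line in OpenSSH's usual wording."""
    verb = "Accepted" if ok else "Failed"
    return f"Nov  3 {hms} host sshd[4101]: {verb} password for root from {ip} port 40022 ssh2"


# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = sorted(
    [_line(f"18:25:{s:02d}", "203.0.113.7") for s in (1, 2, 3, 5, 7, 8, 9, 10, 11, 12)]
    + [_line("18:25:20", "192.0.2.10", ok=True)]            # successful login, ignored
    + [_line(t, "198.51.100.20") for t in ("18:25:04", "18:25:30", "18:26:10")]
    + [_line(f"18:27:{s:02d}", "192.0.2.44") for s in (0, 3, 6, 9, 12)],
    key=lambda line: line[:15],
)


def timestamp(line, year=2014):
    """Parse the leading syslog timestamp; syslog omits the year, so one is assumed."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


class Threshold:
    """Fire once `count` matches for the same key fall inside `seconds`."""

    def __init__(self, count, seconds):
        self.count, self.seconds = count, seconds
        self.seen = defaultdict(deque)

    def hit(self, key, now):
        window = self.seen[key]
        window.append(now)
        # Drop events that have aged out of the sliding window.
        while (now - window[0]).total_seconds() > self.seconds:
            window.popleft()
        if len(window) >= self.count:
            window.clear()  # start counting afresh after firing
            return True
        return False


class Throttle:
    """Suppress repeat actions for the same key until `seconds` have passed."""

    def __init__(self, seconds):
        self.seconds = seconds
        self.last = {}

    def allow(self, key, now):
        prev = self.last.get(key)
        if prev is not None and (now - prev).total_seconds() < self.seconds:
            return False
        self.last[key] = now
        return True


def scan(lines, count=5, seconds=10, throttle_seconds=60):
    """Return (alerts, suppressed): alerts raised and alerts held back by the throttle."""
    threshold = Threshold(count, seconds)
    throttle = Throttle(throttle_seconds)
    alerts, suppressed = [], 0
    for line in lines:
        match = FAILED_LOGIN.search(line)
        if not match:
            continue
        source, now = match.group(1), timestamp(line)
        if threshold.hit(source, now):
            if throttle.allow(source, now):
                alerts.append((now.strftime("%H:%M:%S"), source))
            else:
                suppressed += 1
    return alerts, suppressed


if __name__ == "__main__":
    raised, held_back = scan(SAMPLE_LOG)
    for when, source in raised:
        print(f"{when} possible SSH brute force from {source}")
    print(f"{held_back} repeat alert(s) suppressed by throttle")
```

Five failures spread over twelve seconds (192.0.2.44) and three slow failures (198.51.100.20) stay below the threshold, while the second burst from 203.0.113.7 crosses it again but is held back by the throttle.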

Another powerful feature that Swatch provides
is its ability to specify a given time of day that
an action will be performed. This will be very
beneficial to perform a certain set of actions over
the weekend or after business hours. To apply a
time restriction to an action, we need to append
the keyword when= followed by the time duration
after an action. The syntax used to represent
the timeframe is indicated in numerical format:
each day of the week is represented by a number
between one and seven (7 = Saturday, 1 = Sunday)
and hours are represented in a twenty-four hour
timeframe between one and twenty four. The
following example illustrates this concept:

| watchfor /system full/
|     mail addresses=admin_person\@company.com,subject=File\ System\ Full,when=7-1:1-24

A user will be alerted by Swatch only over the
weekend if a storage drive becomes full.

It is always advisable to follow some best 
practices when you are using Swatch. If Swatch’s 
actions don’t fire very often, it could be because your 
system isn’t getting probed or misused very much. 
Nevertheless, it could be just as likely that Swatch 
isn’t casting its net wide enough. In such cases, you 
may need to continue to periodically scan through 
your logs manually just to see if you’re missing 
anything and then continue to tweak the Swatch 
configuration file .swatchrc. As another good policy,
you should never forget to periodically reconsider the
auditing/logging configurations of the daemons that
generate log messages in the first place. It is critical 
to realise that Swatch won’t catch those events that 
aren’t logged at all. 
Turn an old PC into a NAS box

Advisor

Phil King
Since starting out on CRASH
magazine in 1988, veteran
videogames and technology
journalist Phil has tinkered with all
sorts of hardware and reviewed
hundreds of apps and games.


Resources 

Spare PC with at least 512MB of RAM

FreeNAS
sourceforge.net/projects/nas4free/files

Home network


Repurpose old hardware with NAS4Free to 
use as a NAS server for backups and more 


The fast pace of technological progress 
is great, but it does mean that hardware 
soon becomes redundant. This begs the 
question: what do you do with that old 
PC gathering dust in the attic? Apart from selling 
it or giving it away, another option is to turn it into 
a network-attached server for storing files, media 
and backups. For this purpose there are several 
specialist distros to choose from, including FreeNAS 
and OpenMediaVault. However, to encompass as
much older hardware as possible, we’ll be using
NAS4Free - a legacy version of FreeNAS - since it has
lower system requirements. Officially, it only requires
512MB of RAM to work, but you may be able to get
away with as little as 256MB for the Full version.

We’ll show you how to install NAS4Free on 
your old PC and then access and configure it 
remotely from a client PC via its web-based GUI. 
You can then schedule regular remote backups 
of selected folders using rsync and cron (or 
Windows Backup or OS X Time Machine). We 
also cover other uses including UPnP media 
streaming and downloading torrents (using the built- 
in Transmission) - you could even set up ownCloud 
hosting. So dust off that old PC and let’s get it 
working for you again!
01 Download NAS4Free

You can find the latest NAS4Free files at
SourceForge. Choose either a Live CD ISO or Live
USB IMG file, depending on whether you want to boot
it from CD or USB. Also, select the correct version for
your PC: x64 (64-bit) or x86 (32-bit).

02 Boot it up

After setting the BIOS on your old PC so
it’ll boot first from CD (or the USB stick), insert
your live disc/stick and boot it up. NAS4Free will go
through the boot process, which may take a while
to complete.

03 Choose install method

You’ll come to a Console Menu. Enter 9 to
install from your live CD/USB. In the next menu,
choose option 2 to install it on the PC’s hard disk (or 1
if you want to run the OS from a USB flash drive).

04 Install to disk

Hit OK on the next menu, choose the
installation media and destination media,
then say No to a swap partition (unless you
have very little RAM). NAS4Free will then be
installed on the chosen disk. Note the DATA
partition parameters.

05 Configure LAN interface

Now remove the live CD/USB and reboot
the computer. After the bootup process, you’ll end
up back at the same Console Menu. This time, enter
1 to select your Ethernet interface (probably from
just one option).

06 Configure IP address

Back at the Console Menu, enter 2 to
configure the network IP address. Say No to DHCP
and enter a static IP. Press Enter to accept the default
subnet mask. Use your router’s IP address as the
default gateway and enter your favoured DNS.

07 Access web GUI

With the basic setup done, you can now
access your NAS4Free server from another PC. Just
enter its IP address in a web browser and you’ll see the
NAS4Free web GUI. The default username is ‘admin’,
with password ‘nas4free’.


Back up OS X
and Windows



Easily back up a Windows PC 


You can access your NAS4Free CIFS/SMB 
share on a Windows PC by typing \\[your 
NAS4Free IP address] in the Explorer. 
While you could back up using rsync, it’s 
easier to use the Windows Backup feature 
(on Windows 7 Professional or later). 

Go to Backup & Restore>Set Up Backup, 
then hit the ‘Save on a Network’ button. 
Browse to your NAS4Free shared folder, 
then click Next, choose backup settings 
and set the schedule for them.



Back up your Mac via AFP 

Again, you could use rsync, but to 
use Time Machine just share your 
NAS4Free drive via AFP. In the web GUI, 
go to Services>Users & Groups and click 
Groups. Click ’+’, fill the fields, then Add 
and Apply Changes. Click Users>+ and fill 
in the fields, assigning the Primary Group 
as your new one. Go to Services>AFP and 
click Shares. Click '+’, add a name and 
comment, hit the Path ’...’ button and 
choose your drive’s mount point. Enable 
automatic disk discovery and choose 
Time Machine. Click Add>Apply Changes. 
In Settings, click Enable, tick both 
authentication options, then Save and 
Restart. Now hit Go>Connect to Server 
and enter afp://[NAS4Free IP]. In Time 
Machine’s Preferences, hit Select Disk and 
you’ll see your shared NAS4Free folder. 
Another neat feature of NAS4Free is
its built-in Transmission BitTorrent 
client. From the web GUI, go to 
Services>BitTorrent and click Enable. 
Add the download and watch directories, 
alter any other settings you want, then 
hit Save and Restart. Now, whenever you 
add a torrent to the watch folder (from any 
connected PC), your NAS4Free server will 
start downloading it. Click the URL at the 
bottom of the Services>BitTorrent screen 
to check its progress. Note: you may need 
to get your router to forward the port used.


08 General settings

For extra security, you can change the
username and password via System>General - click
the Password tab to change it. The General menu
also enables you to alter settings such as DNS
and time zone.

09 Add disk

Go to Disks>Management and click the ‘+’ on
the right. Choose your hard disk from the drop-down,
then the file system for a pre-formatted disk - if it’s
not, you can format it via Disks>Format. Click Add at
the bottom, then Apply Changes.

10 Add mount point

You need to add a mount point for the disk.
Go to Disks>Mount Point and click ‘+’. Choose your
disk from the drop-down, keep the UFS file system, enter
partition number 1 and then a mount point name. Click
Add, then Apply Changes.

11 Enable sharing

Go to Services>CIFS/SMB and click Enable.
Click the Shares tab, then ‘+’ and enter a name and
comment. Click ‘...’ for Path and choose your mount
point name from the pop-up. Click Add, then Apply
Changes. Click the Settings tab, then Save and Restart.

12 Remote access

You can now access the shared folder from the
file browser of another PC - Browse Network>Windows
Network>WORKGROUP>NAS4FREE>shared folder.
Create a Backups subfolder in it, to separate them from
shared files and media.

13 Set up rsync

On the web GUI, go to Services>Rsync. Click the
Modules tab, then enter a name and comment. Hit the
Path button, select your mount point and Backups
subfolder. Click OK, Add, Apply Changes. Click the Settings
tab, Enable, then Save and Restart.


14 Start up SSH

We’ll want to use rsync with SSH to back up
files securely from the client computer to our NAS4Free
server. In the web GUI, go to Services>SSH and click
Enable. Tick the ‘Permit root login’ option. Then click
Save and Restart.

15 Back up with rsync

Now let’s try a manual backup from the client
PC. While you can run rsync from the command line,
we’re using Grsync - a GUI front-end - for ease of
use, particularly when choosing options. Choose the
folder to back up, then enter the destination:
root@[NAS4Free IP]:/mnt/[mount point]/Backups. Click
the gears icon and a dialog will then prompt you for a
passphrase: enter your NAS4Free password (default is
‘nas4free’). The backup will then proceed. This is fine for
manual backups, but for automated ones we’ll need to
set up SSH password-less key authentication.

16 SSH login

Setting up SSH key authentication (see
bit.ly/IzGfaug) is done from the command line. First, open
a terminal and enter:

| ssh -l root [NAS4Free IP]

Type ‘yes’, then enter the password to log in to your
NAS4Free server.

17 Generate SSH key

Now we generate an SSH key pair, just
by entering:

| ssh-keygen

Press Enter to accept the default file location, then
Enter to set an empty passphrase and Enter again to
confirm it. Your SSH key pair will then be generated.

18 Rename public key

Rename your public key with:

| mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

Then log out with:

| exit

Copy the private key to your client PC with:

| scp -p root@[NAS4Free IP]:~/.ssh/id_rsa ~/.ssh

Enter the password, then SSH in (step 16) and you won’t
be asked for a password.

19 Automate backups

You can now automate backups with cron. In
the terminal, enter:

| crontab -e

Copy and paste your rsync command into a new line at
the bottom, preceded by the time and date fields - it’s
mins, hour, then * * * for a daily backup at that time, so
for a 2pm daily backup you’d use:

| 00 14 * * *

UPnP streaming

Stream music, videos
and photos

You can also turn your NAS backup box
into a UPnP media server. Make a folder
for your UPnP server on the shared disk,
via a client PC’s file browser or SSH, and
subfolders for Music, Photos, Videos. Go
to Services>DLNA/UPnP in the NAS4Free
web GUI, click Enable and choose your
new folder as the database directory. For
the media library, click ‘...’ and browse to a
subfolder, click OK, then Add. Repeat for
the others. Choose a profile for your UPnP
device. Enable transcoding if needed and
select the Temporary directory.
Tips & Tricks

These buttons serve as a filter for saved analysis. Since All is
selected, it’s showing the available types of saved analysis

This creates a new analysis. Click and you can select the
analysis type, including ad hoc, cockpit or location based

This is the menu bar for regular users. Starting from home to
the logout button below, it is available in all pages

All the analysis that’s saved for viewing later is available here.
You can simply click the blocks to view a particular analysis


Get key insights from 
business data with SpagoBI 

Businesses need to ensure they make the right decisions based 
on their data. This is where business intelligence tools come in 


Advisor 

Nitish Tiwari is a software developer by
profession and an open source
enthusiast by heart. As well as
writing for leading open source
magazines, he helps firms set up
and use open source software for
their business needs


Resources 

SpagoBI home page 

www.spagobi.org 


Any business exists for one sole reason 
- to get customers. However, the 
business environment today makes sure 
companies are constantly on their toes, 
as a simple mistake can quickly take customers 
away. Business intelligence (BI) is the field that
aims to defuse this situation. Business intelligence
can be defined as a set of tools and techniques 
for getting meaningful and useful information 
out of raw data in order to help better analyse the 
business in question. Or more simply, business 
intelligence tools let you decide what’s right and 
wrong for your business, based on the data from it. 


You may think ‘if the data is from my business, 
why can’t I just make decisions right away, instead of 
using software tools in between?' The reason lies in 
human evolution: we evolved in an environment where 
quick decisions needed to be taken based on visual 
information, so we are generally bad with numbers, 
especially when dealing with lots of them. But today 
we’ll introduce you to the open source BI tool SpagoBI,
which does the hard work for you. You will see the 
installation steps and then learn how to make the 
best decisions with SpagoBI on your side. For demo 
purposes, Ubuntu 14.04 has been used as the host 
system and SpagoBI stable version 5.0.0. 
01 Begin the Installation

To begin the installation, you need to
download ‘All-ln-One-SpagoBI-x.x-yy.zip’ from
http://forge.ow2.org/project/showfiles.php?group_id=204
(x is the version and yy is the release date). The zip
file has the SpagoBI server and database rolled
together, so there is no need to download anything
else. Note that SpagoBI uses the default Tomcat
port 8080, and you may have problems if you have
previously installed Jenkins or other software that
uses Tomcat port 8080. It’s better to start with a fresh
Linux installation and you also need Java installed
on your computer. To check if it’s already installed,
execute the command java -version in the terminal;
if you get a response with that command, you’re
good to go. If the command returns something like
‘The program java can be found in the following
packages’, then install Java using sudo apt-get install
default-jre (on Ubuntu). Once you have done this,
continue the process.

After downloading the file, unzip it and go to the bin
folder via the terminal. Type the command:

| cd /<location of download>/SpagoBI-server-5.0/bin

Grant permission for the shell scripts to be executed
using the command chmod 755 *.sh. Also,
navigate to the /database folder and change the
permissions in that folder too. After changing the
permissions, return to the bin folder. Note that by
using ‘*.sh’ we are changing the permissions for all
the files with extension .sh - not a good practice in
production environments.

Execute the shell script to run SpagoBI. Use the
command ./SpagoBIStartup.sh. If you see a message
like ‘Start up sequence completed in xx ms’, go to your
browser and access SpagoBI using the URL
http://localhost:8080/SpagoBI/.

Once the page opens, you can log in using the
default credentials mentioned there.

02 Get started

As a BI tool, SpagoBI’s main focus is to
help generate actionable analytics. To achieve this, 
SpagoBI connects with a range of data sources 
(like databases) and provides a simple and easy- 
to-use GUI to help you create analyses. If you just 
want to explore the features, go ahead with the 
default credentials mentioned on the log in page. In 
a production environment though, you will need to 
create users. For demo purposes, the biuser and the 
biadmin users have been included. 

Now start creating your analysis. Log in as biuser 
and click on the My Analysis link. In the new page that 
opens, click on Create Analysis in the top-right corner. 
The next page will ask for the reporting type; select 
‘ad hoc reporting’. You can now select the appropriate 
dataset for your analysis. Since there is no dataset 
created yet, use the sample one. 



03 Create the analysis

Once you hover on a dataset, you get two
options - ‘show worksheet’ and ‘show QbE'. Select the 
worksheet option to open up the worksheet designer 
(QbE will be covered later). The designer lets you select 
the visualisation style, like a bar chart, pie chart, line 
chart and different tables. Once you select the style, 
drag and drop the data fields to the designer. Note that 
these fields are based on the dataset you first selected, 
and they serve as the input to the graph. After the data 
is fed, preview the analysis using the Preview button in 
the top-right corner. If everything looks right, click the 
Save button above Preview. After an analysis is saved, 
you can view it later under the My Analysis menu. 
04 Define a query with QbE

The ability to draw graphs from a fixed
dataset isn’t enough for real-world scenarios. 
You may want to look at things from multiple 
perspectives. With QbE you can define your own 
query graphically, execute it, check the results, 
export them, save the query for future use and 
generate a reporting template. To start, select QbE 
during the analysis creation. A schema window 
(related to the selected datasheet) and a query 
editor will open. To create a new query, drag and drop 
the relevant dataset fields to the query editor on 
the right - you can apply filters. Once the fields are 
populated, the query is generated automatically. View it
using preview, or create graphs for this new query
using the worksheet tab. QbE also works on data
models that are made available by the admin.
05 Create datasets

As in the previous steps, datasets form
the basis for creating analysis, so now see how to
create your own datasets in SpagoBI. Click on the
My Data link on the left menu bar and you will see
all the preloaded datasets. Then click on the Create
Dataset button in the top-right corner of the page.
The new pop-up asks you to upload an .xls or .csv file
containing the data. Once you have uploaded the file,
you need to select the delimiters, quote characters
and encoding of the file. SpagoBI will automatically
identify the column headers. Then define the
attributes and values for each of the columns.
Once done, the data is ready for preview, so check if
everything is the way you want it to be before saving.
The dataset is now available for you to play with.


06 Make models

The main difference between models and
datasets is that while datasets are predefined data 
imported from different sources (like Excel files), 
models are related to the databases directly. You can 
create datasets from models too. Models, however, 
can be created by admins only. To create a new data 
model, you need to log in as admin first. First, see how 
to add a data source like a new database. Click on the 
resources link and then go to Data providers>Data 
Source. Here, you will see two preloaded databases. 
Click on the Add New button and a new form will open 
on the left - fill it with the relevant details (database 
connection specific details). Once filled, click on the 
Test link in the top-right corner to check if SpagoBI 
can connect to the database, then save it. 

Click on the resources link and go to Catalogues> 
Business Models Catalogue. Here, add a new model 
and select the data source as the newly added 
database. Save the model to finish the process. You 
can now see the new model under the My Data link.





07 Add data to the cockpit

Cockpits provide an interactive way to
enable faster data insights. With data mash- 
up support, you can add enterprise data or 
externally sourced data to your cockpit. 
To create a cockpit, go to My Analysis> 
Create Analysis>Cockpits. In the page that follows, 
you have a clean canvas available. Add widgets 
to the canvas using the Add Widget button in the 
top-right corner. After clicking the button, a 
new blank widget will appear. You need to 
then configure the widget with the data you’d 
like to be displayed. The widget setup is roughly 
the same as the analysis setup in Step 3. You can 
add as many widgets as you please, and then save it for
future viewing. 


08 GEO and GIS engine

SpagoBI GEO engine enables users to re-aggregate
information dynamically, according to
a geographic hierarchy (nation, region or district, 
for example) defined by the administrator. This 
engine can be used irrespective of geographic 
context, so you can display the distribution of 
indicators on any structure that can be represented 
on a map, including process flow diagrams and 
hardware infrastructure topology. To create a
geographical analysis, go to My Analysis>Create
Analysis>Location. This interface lets you select the 
hierarchy, the level of integration (with extra charts 
and values) and the map selector. You can also zoom 
in and out of the map, access legends and do most 
things possible with other graphs. 

SpagoBI also has the GIS engine, which helps the 
visualisation of business data on a map. The trick 
here is that you can select the cartographic layers 
that you’d like to see the data on. For example, you 
may think viewing the sales data state-wise is cool, 
but what if you could view the sales data based 
on population concentration? Wouldn’t it provide 
a better idea of the sales quality? Take a look at 
SpagoBI GIS engine to see this in action. 
09 Access the document browser

The document browser gives access to the
functionality tree containing all SpagoBI analysis
documents and folders. Wherever you may have 
saved your analysis, you can find it here with the 
document browser. There is also the search, sort 
and filter functionality available to help you handle 
the documents properly. Note that the documents 
available in the browser are clickable, enabling 
you to get the data directly once you find the 
relevant document. To get started, click on the My 
Documents link in the left menu bar. 

10 To finish

While SpagoBI is the first 100% open
source BI tool, it is also huge in size. It has so
many features that it would probably take 
a full magazine to describe all of them in 
detail. Combined with the complex field of data 
analytics, you would probably get lost in the 
details, especially if you are a beginner. However, 
as they say, the journey of a thousand miles 
starts with the first step, so don't be intimidated 
but consider this article and SpagoBI as the 
stepping stone to get you started on your 
journey of data analytics. Not only will this help 
you understand customer behaviour, but you will 
also get some great insights into data visualisation 
more generally. 
Use a variety of popular cloud services to
properly back up your system

By performing occasional backups, you
create a grandfather system

Schedule file backups so you can quickly
and easily save important files to the cloud

Create perfect copies of your system with
Clonezilla for a thorough backup



Back up to the cloud 


Automatically back up your files or entire 
system and send directly to the cloud 


Advisor

Rob Zwetsloot models
complex systems and is a web
developer proficient in Python,
Django and PHP. He loves to
experiment with computing

Resources

Cloud storage account

luckyBackup luckybackup.sourceforge.net

Clonezilla clonezilla.org


Backing up is always important, but 
one of the most important aspects 
of backing up is the storage of said 
backup. There are various levels of 
security you can give your backups; you could keep 
them on the same computer in case something 
goes wrong with the original files, for example. 
Alternatively, backing up to a different system 
in the local network means your files are safe if 
there’s a hard drive or other catastrophic failure. 

An offsite backup is still the safest option
though, protecting against even greater threats like
fire or theft. Truly, the best way to back these files
up with the smallest risk of losing them is to send
them to the cloud.

Large cloud storage solutions have the
advantage of keeping data safe even in the
unfortunate event that a data centre has gone
down, which means the possibility of losing your
backed-up data is very low in this case.

In this tutorial we’ll show you how to properly 
back up files and certain aspects of your PC, and 
then show you how these can be sent to the cloud 
service of your choice. 
01 Grab luckyBackup

Install luckyBackup, a great little backing-up
application that contains scheduling features,
customisable backup tasks and profiles for grouping
tasks. Install it from your repository; the package
name is luckybackup.

02 Set up profiles

Back up your important documents - we’ll
assume you’re keeping them in Documents, in your
home directory, but if they’re placed anywhere else
then just switch out that folder for Documents. Go to
Add underneath Task to begin.

03 Task settings

Name the task whatever you wish so you
can remember what it is, choose the Documents
folder as the source and, for now, create a new
folder called ‘backup’ for all the backed-up files.
Keep the Type field the same. The benefit of doing
the backup this way is that only new or updated files
get included.

04 Test task

Before we go any further, it’s best to test the
task you’ve created. Click the check box for the task
and it will display a triangle to let you know that you
haven’t done a backup before. Click Run to perform
the first backup of these files and it will let you know if
there are any errors.

05 First scheduling

On the main menu, click on the clock symbol
next to the red x to bring up the scheduling window.
Here you can select when backup profiles are
performed, down to the hour, day and even month.
These are done on a per-profile basis and can also be
activated on a reboot.

06 Extra profiles

The scheduling is performed per profile,
so if you have different files you want to back up at
different times then you’ll have to create separate
profiles. You can group multiple tasks under one
profile if you need to back up multiple locations at
once by using Profile>New.

07 Choose a cloud

Any cloud service will be fine for our
purposes, however our main concern is space.
Documents won’t take up much space at all - it’s
less than you’d think - but once you get to music,
video and the disc images we plan to upload later
then the required space begins to increase rapidly.
Choose your service wisely.

08 Connecting to the cloud

Cloud services that work properly on Linux,
such as Dropbox, will create a folder in the home
directory for syncing files or let you choose a folder
to sync. If you’re using your cloud space for other
files, we suggest creating a backup folder inside the
sync folder for you to work with.





09 Multiple computers

One of the benefits of syncing all the files
to Dropbox is that they can also be downloaded to
another system. You can either do this to create a
more accessible backup, or back up multiple sets
of documents to the cloud. Make sure any files that
might clash are kept separate.

10 Quick hard drive backup

The full root system of your computer
can be backed up quickly. It will save all your
files and programs without needing to make
a big disc image. This won't be a complete
backup as such though, as it won't remember
permissions very well, but it is better than
nothing. When creating a backup task set
the source as /.



11 Complete image backup

You won't be able to do this within the
running operating system. The best software
we can suggest for this is Clonezilla, which
is a live disc that runs ghosting software.
It can be obtained from the Clonezilla website
(clonezilla.org).

12 Backup location

You can’t set the location to be the original
hard drive as this can cause errors when trying to
copy what you’re creating. Either use a separate or
external hard drive that’s large enough to contain
the files or have a spare partition purely for the hard
drive backup.

13 Use Clonezilla

Write the Clonezilla ISO to disc, reboot your
system and make sure you boot from disc. Follow along
with the menus to select your language and resolution
until you get to the first proper Clonezilla option screen
- choose device-image, as we want to create an image
from a device.



14 Create the image

Choose local_dev so you can select a local hard
drive or partition, and then select the partition or drive
where you want to save the image to. Choose beginner
mode, and then choose whether you want to save the
entire hard drive or just partitions from the hard drive.
Finally, select the partition, and then go through the
menus before finally hitting Yes to start.

15 Upload concerns

The resulting image will be large, easily
totalling in the tens or hundreds of gigabytes
depending on what exactly goes into the backup.
Uploading this will take a while, and some
cloud services have limits on the size of files you
can back up.

It also won’t just change the differences in the
image and will entirely replace it each time. We
suggest doing this kind of backup less often - once
every week or month depending on your needs and
data allowance.
16 Breakdown images

One method you could use to try and
make uploading easier is to split it up into
multiple zip files - this won’t compress the
image, but it will make the files much more
manageable to upload to the cloud. In Linux
we can do this in the terminal by first turning it into a
zip file with:

| $ zip image.zip image.ISO

17 Split the zip

Once the zip has been created (it may take
some time), go back to the command line. Decide
what size you want the chunks to be - 100MB
usually works well - and then split them with the
following command:

| $ split -b 100M image.zip

18 Bring the zip back together

It’s easier to split the files than it is to put
them back together. Once you've downloaded all the
necessary parts, you’ll need to make sure they’re
all named similarly (something like image1.zip for
example) and then you can bring them together with:

| $ cat image* > ~/backupimage.zip




19 Restore documents

Restoring your documents is extremely
easy - you’ll just need to download them from the
cloud backup and put them back in their original
place. Services like Dropbox allow you to choose
previous versions of a file, in case any newer ones are
corrupted as well.

20 Restore an image

Download the image and create another
Clonezilla live disc or USB if you need to. Have the image
attached in some way to the system and go back into
Clonezilla. Again, we want to go to device-image as we
will be restoring from an image.

21 Choose the image

Use the options from before, being sure
to choose the hard drive you wish to restore to as
the destination. On the screen where you would
usually hit savedisk or savepart, look for the restore
disk option. Choose the image and the hard drive to
restore to again and begin.

22 Automation for disks

Unfortunately, there’s no way to automate
the disk imaging process unless you create scripts
and do it via virtualisation. However, it shouldn’t be
necessary to do this kind of imaging on a regular
basis. With a bit of practice and playing around with
settings on everything, though, you should be able to
make the backing up of documents and images an
easy process that takes very little maintaining.
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This section lets you upload your 
data. It serves as the starting 
point to create new charts 


Here you can check the data format, 
uploaded in the previous section. 
You can also edit the data 


New chart button leads you to a blank 
page for creating new charts. You can 
also access all the saved charts here 



Once the data is pasted in the text 
area, click on the “Upload & continue” 
button to move to the next step 

Select the chart type to visualise the 
data. Once the chart is selected you can 
also set parameters for the charts here. 

You can choose to get the code here and 
embed it directly to another webpage or 
export an image of the chart for printing 

Visualise your 
data with Datawrapper 

With average attention spans falling, data visualisation is a very 
important way to put your point across quickly and efficiently 


Advisor 

Nitish Tiwari is a software developer by 
profession and an open source 
enthusiast by heart. As well as 
writing for leading open source 
magazines, he helps firms set up 
and use open source software for 
their business needs 

Resources 

Datawrapper home page 

www.datawrapper.de 


A recent study from the National Center 
for Biotechnology Information found that 
the average adult’s attention span has 
now dropped to a mere eight seconds from 
12 seconds a few years back. While this drop doesn’t 
seem to be too much from the previous statistic, it 
means that you potentially have even less time to 
put your point across. It is very important for us to 
now communicate in easy-to-understand yet catchy 
language. How can you create compelling stories 
every time? The answer may lie in the common phrase 
‘a picture is worth a thousand words’; our minds can 
process images around 60,000 times faster than text. 


So why not convey key messages with images 
and graphs? In this tutorial, we will introduce you 
to Datawrapper, which helps you to convert boring, 
raw data into easily comprehensible graphs. It's 
based on the server-client model and you can install 
Datawrapper onto a server - anyone on the network 
can then access it via their browser. After creating 
a graph, you can either embed it in a webpage (the 
server should be accessible from the webpage) 
or export it as an image for printing. With support 
for several kinds of graph, Datawrapper has you 
covered for all data types. We will now start with the 
installation process, and then move on to plot graphs. 
Installation 

Before we start with Datawrapper 
installation, you need to have Apache server (with 
mod_rewrite and .htaccess enabled), PHP (version 
5.2 or above) and MySQL server installed. These 
are all available under one package - the LAMP 
server. To install the LAMP server, first refresh the 
package index using sudo apt-get update. Then 
install the package using sudo apt-get install 
lamp-server^. To enable mod_rewrite use the command 
a2enmod rewrite and then restart Apache using 
service apache2 restart. You can also install 
phpMyAdmin (optionally) if you are not comfortable 
using the command prompt for databases. To install 
phpMyAdmin use sudo apt-get install phpmyadmin. 

Due to its design, a separate domain is required 
for Datawrapper. It’s not possible to run it in a 
subdirectory, ie http://localhost/datawrapper will 
not work. Let’s now get started with the installation. 

Download and unzip the Datawrapper repository. 
It is available at https://github.com/datawrapper/datawrapper. 
Navigate to the datawrapper folder 
in command prompt and type: 
curl -sS https://getcomposer.org/installer | php. This installs 
composer onto your server. Now run 
php composer.phar install. This downloads all the dependencies 
required by Datawrapper. Create a new MySQL 
database and initialise the table schema using 
/lib/core/build/sql/schema.sql. You can simply 
import the schema file if you are using phpmyadmin. 
After the database is created, rename the file 
/lib/core/build/conf/datawrapper-conf.php.master to 
datawrapper-conf.php and update the dbname, 
dbuser and password in the file. 

We have used Ubuntu 14.04 as the host system 
and Datawrapper version 1.7.11 for installation. 

Web server configuration 

Now that the dependencies are installed 
and the database is ready, we need to create 
two new virtual hosts - one for the Datawrapper 
instance, eg http://datawrapper.local (pointing to 
/www folder inside the datawrapper folder) and 
another for Datawrapper charts, eg 
http://chart.datawrapper.local (pointing to the /charts/static 
inside the datawrapper folder). First create two 
copies of the default configuration file 
(000-default.conf), and name them as per the host names. Use 
the commands: 

$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/datawrapper.local.conf 

$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/chart.datawrapper.local.conf 

Then update the DocumentRoot and ServerName 
fields in both the files created above. Enable the 
access to the document root added above in the 
apache2 configuration file (available at /etc/apache2/ 
apache2.conf). This is required because apache2 is 
generally configured to not allow access to root file 
system outside /var/www. Enable the sites by using 
the command: 

$ sudo a2ensite datawrapper.local.conf 

$ sudo a2ensite chart.datawrapper.local.conf 

Then you need to create the configuration file by 
copying the config.yaml.template file to config.yaml. 
Update the domain, chart domain and the email 
address in the file. Also, make sure the /charts folder 
(and everything inside it) is writable by the web server 
process. Then install the core plugins using php 
scripts/plugin.php install "*" and run make to build 
the JavaScript library. 

This completes the installation process; you can 
now access datawrapper at http://datawrapper. 
local, and if everything is fine then you’ll see the 
message “Congratulations! You have successfully 
installed Datawrapper". 
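
An added example (not from the original article) that generates the two virtual hosts described above and checks that neither DocumentRoot takes in lib/core/build/conf, where datawrapper-conf.php holds the database password. The install path /srv/datawrapper, the function names, the Options line and the choice to put the access grant in each virtual host file rather than in apache2.conf are assumptions.

```shell
#!/bin/sh
# Added example: generate the two virtual hosts the article describes.
# DW_ROOT is an assumed install location; the host names are the article's.
DW_ROOT=${DW_ROOT:-/srv/datawrapper}

# emit_vhost SERVER_NAME DOCROOT
# Prints an Apache 2.4 virtual host whose access grant covers DOCROOT only.
# AllowOverride All keeps .htaccess working, which the article requires.
emit_vhost() {
    cat <<EOF
<VirtualHost *:80>
    ServerName $1
    DocumentRoot $2
    <Directory $2>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
EOF
}

# write_vhosts OUTDIR
# Writes both site files, named as in the article, into OUTDIR.
write_vhosts() {
    mkdir -p "$1" || return 1
    emit_vhost datawrapper.local "$DW_ROOT/www" \
        > "$1/datawrapper.local.conf" &&
    emit_vhost chart.datawrapper.local "$DW_ROOT/charts/static" \
        > "$1/chart.datawrapper.local.conf"
}

# docroot_of CONF_FILE: print the DocumentRoot value of a vhost file.
docroot_of() {
    awk '$1 == "DocumentRoot" { print $2; exit }' "$1"
}

# serves_db_config CONF_FILE
# Returns 0 when lib/core/build/conf lies under the vhost's DocumentRoot,
# i.e. the directory holding datawrapper-conf.php would sit inside the
# web-served tree. A file with no DocumentRoot is also flagged.
serves_db_config() {
    root=$(docroot_of "$1")
    case "$DW_ROOT/lib/core/build/conf/" in
        "${root%/}"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demonstration: write the files to a scratch directory and check them.
demo() {
    out=$(mktemp -d) || return 1
    write_vhosts "$out" || return 1
    cat "$out/chart.datawrapper.local.conf"
    for f in "$out"/*.conf; do
        if serves_db_config "$f"; then
            echo "$(basename "$f"): DocumentRoot too wide, exposes conf directory"
        else
            echo "$(basename "$f"): conf directory is outside DocumentRoot"
        fi
    done
    rm -rf "$out"
}

demo
```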
Get started 

Before creating your first graph, you need to 
create an account to be able to embed your charts 
to other websites; there is little use in creating and 
keeping the graphs yourself. Click on the “Login/Sign Up” 
button at the top-right corner to create your 
account, then log in using your credentials. Next step 
is to activate the email id you entered while creating the 
account. If your Datawrapper host has the email server 
configured, you will get an email with the validation link 
- click on the link and you are ready to go. 

If the email server can’t be activated for some 
reason, or if you have installed Datawrapper on your 
home PC just to have a look at it, you need to validate 
the email manually. To do this, go to the phpmyadmin 
on your host and open the user table inside 
Datawrapper’s database. Go to the column 
activate_token and copy the string (corresponding to the email 
you want to activate). Now, go to your browser and 
access the URL 
http://datawrapper.local/account/activate/<activate_token>. 
(Substitute <activate_token> with the string copied from database.) 


Data upload 

To create a chart, click the “New Chart” 
button at the top-right corner. On the next page, 
you need to upload the data - anything that you 
would like to plot in the form of chart. It just needs 
to have at least a pair of data points. Adding data to 
Datawrapper is very easy as well. If you are working 
in OpenOffice or Excel, simply copy and paste the 
data (including row/column headers) into the text 
field marked “upload your data”. If you have a CSV 
file, you can directly upload it. If you don’t have data 
at the moment but plan to look at how things work, 
there are a few sample data sets available under 
Sample Data, so just click on the link you want to 
use and the data gets populated. After uploading the 
data, click on the “Upload & continue” button. 


Check and describe data 

The next step is to check and describe the 
data you just entered. As you paste/upload the data, 
Datawrapper automatically checks and displays 
it in a tabular form. You need to carefully inspect 
it to make sure that the data is interpreted in the 
way you want it. If there is a change required, you 
can edit the table directly. You can control whether 
the first row is interpreted as label or data. You can 
also credit the data source; it will be shown in the 
bottom-right corner of the map if you update the 
fields under Credit the source. There are a couple 
of other options: to customise the columns use the 
check box on the column header. As you click, a new 
menu opens up on the right side. Click on the row- 
column intersection to transpose the table. After 
the validation is done, click on “Visualize” to go to the 
next step. 

Visualise data - various chart types 

Data can take any shape or size, so charts 
need to be flexible too. The visualisation tab lets 
you simply click a chart type to visualise the data 
entered in the previous step. You can select bar 
chart, line chart and a few other types of column 
and pie charts to visualise your data. With smart 
data visualisation, you don’t really need to bother 
with the nitty-gritty of plotting charts - if the chart 
doesn’t look as you imagined it would, just click 
“transpose the data" link and the chart will take a 
comprehensible shape. If there is still a problem, 
you can select a different chart type. 


Refine the charts 

After you select a chart type for your data, 
it’s time to fine-tune it to suit you. Click on the 
“Refine the chart” tab; you can find options based 
on the chart you selected earlier here. 

• Bar/column charts: If you have selected 
bar/column charts, you get the option to 
customise the base colour. You can also choose 
to automatically sort the bars and reverse 
their order. 

• Line charts: In addition to changing their colour, 
you can choose to fill the area below the chart, set 
the interpolation to straight, curved or stepped. 
You can also customise the y axis here. 

• Data tables: You can add sorting to data 
tables using the refining option. The table 
can also be displayed in several pages, if it has 
several columns. 

• Pie/donut charts: You can edit the colours for 
these types of charts. 


Add story to the chart 

Now that the charts are customised, 
let’s add a story to the chart. The “Tell the story” 
tab lets you edit the title of the chart and 
add some description to the chart itself. This 
info gets displayed at the top-left corner of the 
chart window. You can highlight the important 
elements of the chart, using the drop-down 
available below the description window. If 
you forgot to credit the chart data source in the 
“Check & Describe” section, you can do that in here. 

Publish & Embed 

This is the final step in the chart creation 
process. You can view your chart in full glory here. 
If you have already validated your email id - as 
discussed in Step 3 - you will also get a ready-to-use 
code snippet under the “Embed into your 
website” section. You can just copy and paste 
it to another webpage, and the chart is shown 
there - given that your server is accessible from 
the webpage. For example, if you have installed 
Datawrapper on a computer in your local network, 
you can display the charts within your network. 
Below this, you also have the option to export 
the chart to a static image that can be used for 
publishing etc. Towards the top, there is a direct 
link to the chart available as well. 

Finishing thoughts 

Datawrapper is a great tool that enables 
almost anyone to create beautiful charts - there is 
no need for any sort of technical or mathematical 
knowledge. If you have some formatted data, 
Datawrapper can almost certainly plot it. While 
the installation process is a little lengthy, it is a 
breeze if you just follow these few steps carefully. 
If you have visited the Datawrapper website, you’ll 
be aware that there are few new features available 
now as well. Prominent among them is the 
choropleth map feature, which lets you show data 
in a geographical map format. Though this is not 
currently available in the GitHub source, we hope it 
will be soon. 
■ Get your smart TV in on the action by 
connecting your HTPC to it with a HDMI cable 

Build a Linux HTPC 


Set up the most powerful home theatre PC possible using a 
custom Linux setup, with tips on hardware and software 


Advisor 

Rob Zwetsloot models 
complex systems and is a web 
developer proficient in Python, 
Django and PHP. He loves to 
experiment with computing 

Resources 

OpenELEC http://openelec.tv 


Some of the best commercial home 
theatre PCs and media centres run on 
pre-established and/or open source 
software. People like to have a familiar 
interface and to do as little as possible to get their 
content working. This is why something like Kodi 
- formerly XBMC - is so popular, as due to years 
of development, use, testing and maturing it’s 
extremely easy to use and will do/play many things 
without any extra setup. 


A lot of these solutions can lack customisation 
though, and aren’t as open as what you can create 
yourself in Linux. What we’ll show you in this 
tutorial is all the tools you’ll need to create your 
own dedicated Linux media centre that can power 
your TV and watch all your shows, or even play your 
music library in a pinch. 

We’ll be using Kodi to do this, but a lot of the tips 
can apply to any other HTPC software you would 
Choosing your hardware 

What’s going to live under your TV - a 
custom-built machine or a more expensive mini PC? 
A mini PC will more than likely be smaller, but you can 
still make pretty small systems. You can also use a 
Raspberry Pi, but we’re going to concentrate on more 
traditional x86 solutions. 



Mini PC choices 

There are plenty of mini PCs you could 
choose for the task - in the past we’ve used 
CompuLab’s range of IntensePCs and MintBox’s for 
the job, but Zotac and Gigabyte offerings are also up 
to the task and include a Blu-ray or other disc drive 
capable of playing your physical library. 

Getting a case 

If you plan to build a HTPC yourself, getting 
a small case is near essential. While re-using old 
parts and cases is a good way to do this quickly and 
cheaply, the resulting product will require a lot of 
room. Check out slim, mini-ITX chassis for an easy 
way to get a slimline system that you can readily find 
components for. 



Motherboard options 

Mini ITX boards are relatively cheap and you 
can get decent enough ones pretty easily from your 
regular component supplier. We recommend looking 
for AMD chipsets that include onboard graphics - 
these are perfect for 1080p video, thanks to modern 
codecs and hardware decoding. 


Other components 

You’ll also need RAM and a CPU - try and aim 
for at least 2 GB of RAM, however you should prioritise 
the RAM over the CPU as the graphics will be doing 
most of the heavy lifting in the system. 


Power supply 

Look for green power supplies but don’t 
skimp on the wattage if you can help it. A system 
like this should have a low idle draw but while 
decoding high-quality content it may need a lot more 
than usual. This also allows you to easily upgrade in 
the future. 



Repurposing old parts 

If you have old components lying around, 
you may well be able to put together a similar system 
without the need for going with brand new kit. The 
minimum requirements are tied to the graphics 
more than anything else, so as long as you have an 
Nvidia 8500 GT and better, or a Radeon HD 5400 
series GPU or newer you should be able to run 
Kodi fine. 

Remote control 

Most IR receivers and universal remotes 
will work with the Kodi software, thanks to pre-built 
modules in the Linux kernel and its software. We'll 
cover alternate control methods later on. 


Get OpenELEC 

The easiest and probably the best route for 
setting up Kodi is to grab OpenELEC - it’s created by 
some of the Kodi dev team and is stripped down to the 
bare essentials to make sure that OpenELEC works 
on its target hardware. Grab your relevant ISO from 
http://openelec.tv. 


Useful information like version and architecture details, support and social media links, and 
how to make a donation to the project 



First boot 

OpenELEC will boot into Kodi/XBMC and 
now it’s time to do some configuring. First, you 
should look at the internet options in the OpenELEC 
Configuration Utility located in the Add-ons section. 
This will let you set up wireless internet as well as a 
few other things. 


Live stick 

Unzip the files and open up the terminal. 
Use cd to navigate to the OpenELEC folder, and 
then insert the stick you’ll use to create the live 
installer. Find out its designation with sudo fdisk -l 
and then set it up with: 

$ sudo ./create_installstick /dev/sdX 

Installation 

Once the live media is created, you’ll need to 
insert it into your intended HTPC and switch it on, 
looking for the option to boot from the stick itself. 
You’ll be asked how you want to install OpenELEC - 
use the Quick Install, assuming this is a dedicated, 
completely untouched system, and follow the 
prompts to install and reboot. 



Add networked media 

Go to the Videos/Music tab and find 
the Files option - here you can add media from 
networked sources via Samba, UPnP or with a 
direct address to something like an NFS partition. 
You can then choose a scraper which will add art 
and names to any files you may have available. 


Enjoy your shows! 

Once your network is set up, and your 
media is added from around the network, you can 
start watching or listening to anything you want. 
It doesn’t take much time at all to set up a proper 
media centre PC, as we’ve shown you here. Plus, 
you don’t even need to do much more in the way of 
maintenance to keep using it like this. Kodi has a lot 
of great extra features though, so continue on for 
ways to get the most out of your HTPC. 

Internal storage 

Keeping files on internal storage is a 
good way to give yourself constant access 
to them - especially shows that you will watch 
regularly or people in your household (like kids 
with cartoons, for example) will watch over 
and over. These will be automatically added to 
your list without you needing to point Kodi at 
their location. 

USB storage 

Accessing the internal storage may be a 
little difficult for some, but a USB stick or portable 
hard drive will easily connect to the system and 
will be instantly added to your video library like 
anything from the internal storage as well. 


Smartphone remote 

As well as the physical remote that you (may 
have) set up, you can also use an Android smartphone 
as a wirelessly connected remote, using the HTML 
options you can also access in a browser. The 
(XBMC-branded) app can be downloaded from the Play 
Store here: 
https://play.google.com/store/apps/details?id=org.xbmc.android.remote 

Other control options 

As OpenELEC is built on Linux, it comes 
complete with various drivers that allow you to 
use various game controllers - PS3 and wired 
360 pads in particular. This can help you in a 
pinch and may be best if you plan to dual boot 
your HTPC. 



Add-ons 

There are a lot of video, music and program 
add-ons for Kodi left over from XBMC. Find the Add-On 
option under each category to find a list of plug-ins 
that can be instantly added to your HTPC. 

Playback settings 

In the main settings you have plenty of options 
to tweak playback to give you a better experience. Do 
you want to specify an audio or subtitle language for 
any videos? What about aspect ratio for 4:3 shows? 
This can all be changed and configured in the settings, 
making it easy for you to tailor your experience to what 
you want. 


Live TV 

You can watch and record Live TV through 
Kodi as well, although you’ll need to get an 
extra component to attach aerial input. There 
are EPG features you can activate, along with 
behaviour for the PVR functionality that you 
can also change. 

Keep watching 

There’s a lot to discover with Kodi, but 
this should get you started, leaving you plenty of 
room to expand in the future. As for upgrades, the 
hardware should last longer than most systems, and 
OpenELEC has an in-built software updater as well. 
Manipulate and 
convert data in R 


Advisor 

Mihalis Tsoukalos is a 
Unix administrator, a 
programmer (for Unix 
and iOS), a DBA and 
also a mathematician. 
He has been using 
Linux since 1993 


Resources 

R project r-project.org 
RStudio bit.ly/1VLmlgA 
Zoo package bit.ly/iovowhd 
Chron package bit.ly/iLhctzq 


Learn how to use R to easily and effectively 
manipulate various kinds of data 


R deals with, processes and visualises 
data all the time - it 
is something that can give value to 
your data. However, what is the point of 
visualising data if you cannot transform, manipulate 
and change your data whenever you want, any way 
you want? 

This article will teach you many different ways to 
manipulate and transform your stored data within 
R. This is very important because most of the time 
the information you want is hidden somewhere and 
waiting for you to find it. Additionally, when you have 
problems with data, it is often a matter of data being 
in the wrong mode or class in relation to the task you 
are trying to perform. 

The first thing that you should remember is that 
the index of the first element in R data types is one 
instead of zero. 

If you would prefer to use an IDE instead of 
the command line version of R then you can 


download the open source version of RStudio from 
bit.ly/IVmlgA, but RStudio is not necessarily 
required in order for you to follow this tutorial. 
Nevertheless, you will still benefit from knowing 
how to install, run and quit R, as well as how to type 
commands to its command line environment. 

The various types of data in R 

R supports various types of data, and 
each type has unique properties. This part of the 
tutorial will introduce you to the most important 
data types for handling groups of data. A list is 
a generic vector containing other objects and a 
vector is a sequence of data elements of the same 
basic type. A data frame is a list of vectors of equal 
length that is primarily used for storing data tables. 
It is used a lot in R and is equivalent to the concept 
of a table. An array is a multidimensional object. A 
matrix is a two-dimensional array that contains 
numeric data; it has rows and columns. 





■ This is the environment of RStudio, a powerful and useful IDE for R 
The mode() function returns the mode of an 
object whereas the class() function returns the 
class of an object. Both functions can be very 
useful when you do not know the kind of R object 
you have. 

Import data in R 

Usually, you do not write your data 
yourself; most of the time you will get your data 
from external sources, including text files, 
databases and the Internet. The reading of 
external data is made with the help of the 
read.table() function that returns a data frame. If you 
want to read an external text file, you can use the 
following command: 

> myData <- read.table("./data.txt", header=FALSE) 

If you set the header parameter to TRUE, it is assumed 
that the first line of your input will contain the names 
of the variable. 

Remember that depending on the format of 
the external data, you should use the appropriate 
data type to hold your data or transform it to the 
desired format. 

Create and use random data 

Being able to get and work with random 
numbers is great for testing various methods and 
techniques. Therefore this step will teach you ways 
to get random data in R. The following returns ten 
floating-point numbers from 0 to 100: 



> runif(10, min=0, max=100) 

The next variation returns ten integers between 
0 and 100: 

> floor(runif(10, min=0, max=101)) 

Please note that the maximum number cannot 
be returned, so putting 101 as the value of the 
max parameter ensures that the integer number 
100 can be returned. 

In case you want to generate the same 
sequence of random numbers again, you can 
use the set.seed() function as follows: 

> set.seed(123) 
> runif(10, min=0, max=100) 

As you can see in the image, you must run 
set.seed() before executing the runif() function. 

There is a function called sample that 
shuffles the contents of an existing vector into a 
random sequence without changing the actual 
numeric values: 

> a <- floor(runif(3, min=0, max=100)) 

> sample(a) 

[1] 57 89 10 

> sample(a) 

[1] 89 10 57 

If you put a second argument to sample, you can 
specify the size of the sample that is going to be 
returned. 

Deal with text and match 

Although most of the article will be about 
manipulating numeric data and dates, this step 
will talk about text manipulation in R and how to do 
things with text. 

The as.numeric() function converts a character 
string to its numeric value. If there exist invalid 
characters, you will get an error message. You can 
concatenate two strings as follows: 

> paste("Linux User", "Developer", sep=" and ") 
[1] "Linux User and Developer" 

Similarly, you can link the strings from two columns 
of a matrix into a new column. If the matrix has 


> myData <- read.table("./data.txt", header=FALSE) 
> system("cat ./data.txt") 
10 a1 c1 
20 a2 c2 
30 a3 c3 
40 a4 c4 
50 a5 c5 
> myData 
  V1 V2 V3 
1 10 a1 c1 
2 20 a2 c2 
3 30 a3 c3 
4 40 a4 c4 
5 50 a5 c5 
> class(myData) 
[1] "data.frame" 
> mode(myData) 
[1] "list" 
> 


■ Here’s the output from Step 2, where we read our table for data 
Extra R packages 

Although R is a very capable package 
with a great programming language, its 
true power comes from the numerous R 
packages. Whenever you have a problem 
you want to solve, check if there exists 
a package that can help you do your job. 
You can start from cran.r-project.org. 


three columns, then a new fourth column will be 
created in the returned matrix; it is your job to store 
the new matrix. 

R also supports pattern matching for text 
variables. So, should you wish to get all columns that 
contain the text “Error”, you should run the following 
command that utilises the grep() function: 

> errorMessages <- c("I/O Error", "Network Error", "Data not found", "TCP/IP not working", "Data Error") 
> errorMessages[grep("Error", errorMessages)] 
[1] "I/O Error" "Network Error" "Data Error" 

Another truly important function is match(), which 
answers the question “where can the values of the 
second vector be found in the first vector?” The 
match() function can be better understood with an 
example, like so: 

> firstV <- c(1, 2, 4, 5, 9, -1, 0, 4, 5) 
> secondV <- c(0, 1, 2, 0, -1, 9) 
> match(firstV, secondV) 
[1] 2 3 NA NA 6 5 1 NA NA 

match() returns a vector of subscripts that belong to 
the second vector and has as many elements as the 
first vector. If an element of the first vector cannot 
be found in the second vector, then NA appears in its 
place. Otherwise, the index of the first occurrence of 
an element is returned instead of NA. 


Deal with dates 

Dates and times are special kinds of data 
and therefore need special treatment when dealing 
with them. It is advisable not to store dates and 
times as plain text because it is difficult data to 
manipulate. However, occasionally you will need to 
convert a date or time stored as a string into a more 
appropriate format. 

R offers the built-in Date, POSIXlt and POSIXct 
classes for storing dates and times, as well as the zoo 
and chron packages. This article will only deal with the 
built-in types. 

The general principle is that if you are using a 
nonstandard format, you will have to specify it. 
Moreover, R enables you to do calculations with dates, 

POSIXct (ct: Calendar Time) is the best class when 
you have times in your data; this class also lets you 
specify the timezone of a date. The POSIXlt (lt: Local 
Time) class enables you to easily extract specific 
components of a time. It is important to remember 
that POSIXlt objects are lists. If you only have dates 
then use the Date class. Type help(DateTimeClasses) 
to get more information about date and time classes. 

More about dates and times 

The strptime() function enables you to 
convert a factor or a string into a date - the user 
must provide a format statement in double quotes to 
inform R about the structure of the input. A factor is 
of mode numeric and class factor. 

The difftime() function can also help you find the 
difference between two dates. 

It is very important to use the correct code when 
parsing dates and times in R: %Y is for four-digit years 
whereas %y is for two-digit years. Use %d to declare 
the day of the month and %m for declaring the month 
as a decimal number. Use %B as the code for the full 
name of a month and %b for the abbreviated name of 
a month. 

It is necessary to try things using small samples 
before working with real data, especially with dates 
and times where it is easy to make small typos that 
can create big errors. 

Data tasks 

This part will show you how to do some 
simple things with your data. Suppose that you 
have a data frame named aDataFrame. If you want 
to get a single element from the data frame you 
should run the following command: 

> aDataFrame[4,3] 

The previous command will get you the element 
from row four and column three. Similarly, you can 
get its first column as follows: 

> aDataFrame[,1] 

Should you wish to get its second row, you should 
execute the following command: 

> aDataFrame[2,] 

To get the first three rows of a data frame, you 
can use the next notation below. This can also be 
applied for getting the first three columns: 

Advanced data tasks 

The following command will define a data 
frame with three columns: 

> myDataFrame = data.frame(v1=c(1,2,3,4,5), v2=c(0,1,2,3,4), v3=c(-1,-2,-3,-4,-5)) 

The following command will add the same number 
to all data frame elements: 

> myDataFrame + 5 

As the columns in myDataFrame have names, 
the following two commands will both subtract 
the number five from the first column of the data 

> myDataFrame[, 1] - 5 
[1] -4 -3 -2 -1 0 
> myDataFrame$v1 - 5 
[1] -4 -3 -2 -1 0 

The following command adds ten to all elements of the 
first row: 

> myDataFrame[1, ] + 10 

The following command adds minus one to the first 
column, zero to the second and one to the third 
column of myDataFrame: 

> myDataFrame + -1:1 

Remember that as long as you do not assign 
the result of an operation to the myDataFrame 
variable, the original contents of myDataFrame will 
not change. 

The next command adds a new column named 
sum to myDataFrame that contains the sum of all 
values of each row: 


| > myDataFrame$sum = myDataFrame$v1 + 
myDataFrame$v2 + myDataFrame$v3 


As you can understand, this operation does alter 
myDataFrame by adding a new column to it. Using 
the same method, you can perform any kind of 
calculations you want. 


Convert between various data types 

This step will show you how to convert 
between lists, data frames, vectors and also 
matrices. Given a matrix named myMatrix, 
you can convert it into a list using the following 
simple command: 
> aDataFrame = data.frame(v1=c(1,2,3,4,5), v2=c(0,1,2,3,4), v3=c(-1,-2,-3,-4,-5), v4=c(0,0,1,2,3), v5=c(-1,-2,-3,-4,-5))
> aDataFrame
  v1 v2 v3 v4 v5
1  1  0 -1  0 -1
2  2  1 -2  0 -2
3  3  2 -3  1 -3
4  4  3 -4  2 -4
5  5  4 -5  3 -5
> aDataFrame[4,3]
[1] -4
> aDataFrame[4,3] = aDataFrame[4,3] + 100
> aDataFrame
  v1 v2 v3 v4 v5
1  1  0 -1  0 -1
2  2  1 -2  0 -2
3  3  2 -3  1 -3
4  4  3 96  2 -4
5  5  4 -5  3 -5
> aDataFrame[,1]
[1] 1 2 3 4 5
> aDataFrame[2,]
  v1 v2 v3 v4 v5

R enables you to apply operations to specific rows and columns of a table 


| > myList <- as.list(data.frame(t(myMatrix))) 

Given a list named myList, you can convert it into a 
matrix with this command: 

| > anotherMatrix <- matrix(unlist(myList), 
ncol = 2, 
byrow = TRUE) 

The previous command requires that you manually 
specify the number of columns of the new matrix 
because you are converting a linear type into a 
two-dimensional one. You can transform a vector 
named aVector into a list as follows: 

| > anotherList <- as.list(aVector) 

You can convert a list named anotherList into a 
vector with the help of the unlist() function: 

| > aNewVector = unlist(anotherList) 

Save and load your work 

So far, we have shown you how to change 
your data in various ways. The final step will 
describe how you can save your data and load it the 
next time you decide to run R. You have the option 
to save your current R session, including all defined 
variables, as follows: 

| > save(list = ls(all=TRUE), file = 
"R25Aug2015") 

The operating system will create a file named 
R25Aug2015 that you can load afterwards as 
follows: 

| > load(file = "R25Aug2015") 

The following command can be used for removing 
all currently defined types of R objects: 

| > rm(list=ls()) 

R is an endless subject and you can only learn more 
about it by practising and exploring your options, so 
start experimenting today and give your data many 
new meanings! 


Get help 

R offers a plethora of ways to get help 
about functions. If you type a question 
mark at the R prompt, followed by 
the name of a function, R will return 
something similar to a UNIX man page: 

> ?read.table 

The following command will return 
working examples for the read.table 
function: 

> example(read.table) 

The next command will show you an 
impressive demo of the graphical 
capabilities of R: 

> demo(graphics) 
Here, you can add new files or create a collection of media files. 
Files can be assigned to collections at any point of time 

Update account settings here and track media files using the 
Media processing panel, which shows details about uploads 

All creative commons licences are available here to assign 
under an available media file 

This section lets you upload a media file and update the 
relevant information regarding that file 


Host your own media 
gallery with MediaGoblin 

MediaGoblin provides a way to share videos, photos or audio 
recordings with your loved ones, without worrying about privacy 


Advisor 

Nitish Tiwari is a software developer by 
profession and an open source 
enthusiast by heart. As well as 
writing for leading open source 
magazines, he helps firms set up 
and use open source software for 
their business needs 


Resources 

MediaGoblin home page 

mediagoblin.org 


YouTube is not only a website anymore, 
it’s become a phenomenon. Millions 
of hours are spent - or wasted - daily 
in watching videos of cats, dogs and 
humans doing strange things. With the predictive 
playlist appearing just after you finish a video, it is 
sometimes very difficult to close the window and 
you go on and on, watching one video after the other. 
But YouTube is a dangerous place for personal videos 
and other media that you don’t want strangers to 
access. Though it has an option to make your videos 
private, you don’t really know how private it is. So we 
need to find a solution that has the perfect match of 
convenience and privacy. 


This is where MediaGoblin comes in. This 
open source tool can help you organise, host 
and stream media from your own PC without 
having to worry about privacy. If you are a power 
user, you can also have it run on a web server 
and let other people add their media. There are 
a range of other useful features available too, 
like tags and collections to name just two. 
In this tutorial, we will begin with the steps 
to install MediaGoblin on Ubuntu and 
then proceed to get it working and see it in 
action. We have used Ubuntu 14.04 as the host 
system and MediaGoblin’s clone from their 
Gitorious repo. 
[Screenshot: Set up the database. Terminal output from installing PostgreSQL 9.3, followed by the createuser and createdb commands]


Sort out dependencies 

MediaGoblin is a full-fledged media-streaming 
platform and therefore it has a few 
software dependencies that you will need 
to take care of before installing MediaGoblin. Let's 
take a look at these dependencies and how to 
install them. 

• Python 2.6 or 2.7: This interprets the MediaGoblin 
source code. 

• Python-lxml: Binds certain C libraries to Python. 

• Git: For downloading and updating the repository. 

• SQLite/PostgreSQL: This is where everything is 
stored. SQLite is the default option and works fine 
for small set-ups, but you need to use PostgreSQL 
if you expect more users. 

• Python Imaging Library: This adds image-processing 
capabilities to the Python interpreter. 

• virtualenv: This is used to create isolated 
Python environments. 

You can install all these on a Debian based system, 
using the apt-get command. It can be done with a 
single command: 

| sudo apt-get install git-core python 
python-dev python-lxml python-imaging \ 
python-virtualenv 


Set up the database 

As we said before, the default SQLite 
database doesn’t perform well for deployments 
involving more than two or three users. So, if you 
are planning to have more than three users, it’s 
recommended to use the PostgreSQL database. To 
set it up for MediaGoblin, first download and install 

| sudo apt-get install postgresql 
postgresql-client python-psycopg2 

Note that it has other required packages too. The 
installation process creates a user with sufficient 
privileges to handle the database, but keeping 
security in mind we will create a separate user for 
MediaGoblin. To create the new user, type: 

| sudo -u postgres createuser -A -D 
mediagoblin 

Once the user is created, create the database: 

| sudo -u postgres createdb -E UNICODE -O 
mediagoblin mediagoblin 

Here the first ‘mediagoblin’ is the user name and the 
second is the name of database. 


MediaGoblin user 

You’ll have noticed that we didn’t add a 
password for the user named mediagoblin. So how 
does the system authenticate the user? This is done via 
the local Unix authentication. Local Unix authentication 
allows a system user to connect to any PostgreSQL 
database on the system without a password. To enable 
this, you need to create a system user with the same 
name as the PostgreSQL database user. So we now 
need to create an unprivileged system user named 
mediagoblin. Note that the user can be unprivileged 
because MediaGoblin doesn’t need any privileges to 
run. This also makes the system more secure. Run this: 

| sudo adduser --system mediagoblin 

You can’t log in to this account directly, but you can switch to it using: 

| sudo -u mediagoblin /bin/bash 

You can then use this user account for all further steps. 
Install MediaGoblin 

You need to create a working directory for 
MediaGoblin. This is where the git repository will be 
downloaded. Create the directory using: 


| sudo mkdir -p /srv/mediagoblin.example.org && sudo chown -hR mediagoblin /srv/mediagoblin.example.org 


As you can see, we create the directory with elevated 
privileges (root) and then change the owner to our 
unprivileged mediagoblin user. Let’s now clone 
the MediaGoblin repo to this folder. First switch to 
the mediagoblin user and then change the directory 
to the working directory we just created: 

| cd /srv/mediagoblin.example.org 


Now start cloning: 

| git clone git://gitorious.org/mediagoblin/mediagoblin.git 


Move to the ‘mediagoblin’ folder with cd mediagoblin. 
Initialise the repo and then fetch the data: 

| git submodule init && git submodule update 

[Screenshot: mediagoblin.ini open in a text editor, showing the [mediagoblin] section with direct_remote_path = /mgoblin_static/, the email sender address and sql_engine = postgresql:///mediagoblin]


You’ll notice that we didn’t take code from the stable 
revision but instead the master branch of the git 
repository. MediaGoblin is under rapid development 
so it makes sense to use the master, at least until a 
consistent release. 

Install Virtualenv & others 

MediaGoblin uses virtualenv - a tool to 
help manage the dependencies by creating isolated 
Python environments. It’s already available in the 
package, so set it up by using: 

| (virtualenv --python=python2 --system-site-packages . || virtualenv --python=python2 .) && ./bin/python setup.py develop 

If you are feeling adventurous, you can also try the 
experimental deploy system (shell script) instead of 
the earlier command: 

| ./experimental-bootstrap.sh && ./configure 
&& make 

This script sets up virtualenv and also helps 
you keep it updated by running make update, but 
as per the developers of MediaGoblin, this is 
still under development and may break. To update the 
codebase at a later point of time simply run: 

| git submodule update && ./bin/python 
setup.py develop --upgrade && ./bin/gmg 
dbupdate 

You also need to install Flup before the setup 
concludes. Install it using: 

| ./bin/easy_install https://pypi.python.org/pypi/flup/1.0.3.dev-20110405 

We will see more on Flup and FastCGI later. 

Deploy MediaGoblin 

Now that dependencies are set up and 
MediaGoblin is installed, we will edit the MediaGoblin 
configuration files - specifically the mediagoblin.ini 
file located inside /srv/mediagoblin.example.org/mediagoblin. 
Here are the changes required: 

• Set email_sender_address as the ID you want to 
use for sending system mails. 

• Uncomment the line sql_engine = 
postgresql:///mediagoblin if you are using 
PostgreSQL. 

• Edit direct_remote_path, base_dir and base_url 
as per the root of the virtual host. 

Now update the database using ./bin/gmg 
dbupdate. This populates the database with 
MediaGoblin data structures. Finally, test the 
MediaGoblin server using: 

| ./lazyserver.sh --server-name=broadcast 

You should now be able to connect with your browser 
on port 6543. 

Flup and FastCGI 

MediaGoblin uses FastCGI for deployment 
and FastCGI needs a server. So we need Flup. We 
already installed Flup in step five. Later you will 
learn a FastCGI setup with an Nginx server to serve 
MediaGoblin pages. 

FastCGI is a protocol to interface interactive 
programs with a web server - it’s an improvement 
over CGI (common gateway interface). CGI, while 
easy to implement, had problems in scaling since 
separate processes were created for each web 
request - a huge overhead for the host OS. FastCGI 
solves this by using persistent processes to serve 
a series of web requests; moreover, these processes 
are owned by the FastCGI server (Flup in our case) and 
not the web server. This de-couples the web server and 
the FastCGI server, allowing effective scaling. Now 
any server that supports FastCGI can be used for 
MediaGoblin. Nginx is a good option because of easy 
configuration and setup. 

Nginx setup 

Nginx has been slowly rising in the ranks 
of the web server of choice and is currently one of 
the most used web servers. An acronym for Engine 
X, it is a high-performance HTTP server. It does 
support a lot of other protocols too but those are 
out of scope for us here. Let’s go straight to the 
server set up. Create a configuration file at 
/srv/mediagoblin.example.org/nginx.conf and create a 
symbolic link into a directory that will be included 
in your nginx configuration with one of the following 
commands (as the root user): 

| ln -s /srv/mediagoblin.example.org/nginx.conf /etc/nginx/sites-enabled/ 

This way, a change in one file automatically reflects 
in the other. You need to then add the contents to the 
configuration file, as shown in the screenshot below. 
Remember to change the fields as per your local 
paths. Once done, restart nginx using sudo /etc/rc.d/nginx 
restart. If everything goes well, start 
MediaGoblin using: 

| cd /srv/mediagoblin.example.org/mediagoblin/ 
| ./lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543 


Visit mediagoblin.com to see an example 
MediaGoblin gallery in action. 


MediaGoblin home 

The setup process is a little lengthy, 
and for the novice user it may seem a complex 
task, but the steps are simple and you just need 
to follow them one at a time. Once you have 
successfully completed the process, you can enjoy 
uninterrupted media streaming for you and your 

The first step after you’re ready with your own 
MediaGoblin instance is to create an account. 
This is because you can browse the collections 
anonymously but you need an account to upload 
media. To create an account click on the ‘Log 
in’ button on the top-right corner. In the log in 
page that appears next, click on ‘Create one here’ 
to open the user registration page. Fill the details 
in the registration page and you are good to go! Just 
log in with the credentials and then click on your 
user name to be redirected to your profile page. 
Here you have the options to upload media and 
manage your profile. 


Nginx setup 

# Stock useful config options, 
include /etc/nginx/mi 
autoindex off; 
default_type application/octet-stream; 
sendfile on; 

# Gzip 
gzip on; 
gzip_min_length 1024; 
gzip_buffers 4 32k; 
gzip_types text/plain text/html application/x-javascript text/jav 

# Mounting MediaGoblin stuff 

# Change this to update the upload size limit for your users 
client_max_body_size 8m; 

# prevent attacks (someone uploading a .txt file that the browser 
# interprets as an HTML file, etc.) 
add_header X-Content-Type-Options nosniff; 

server_name mediagoblin.example.org www.mediagoblin.example.org; 
access_log /var/log/nginx/mediagoblin.example.access.log; 
error_log /var/log/nginx/mediagoblin.example.error.log; 

# MediaGoblin's stock static files: CSS, JS, etc. 
location /mgoblin_static/ { 
    alias /srv/mediagoblin.example.org/mediagoblin/mediagoblin/static/; 
} 

# Instance specific media: 
location /mgoblin_media/ { 
    alias /srv/mediagoblin.example.org/mediagoblin/user_dev/media/public/; 
} 

# Theme static files (usually symlinked in) 
location /theme_static/ { 
    alias /srv/mediagoblin.example.org/mediagoblin/user_dev/theme_static/; 
} 

# Plugin static files (usually symlinked in) 
location /plugin_static/ { 
    alias /srv/mediagoblin.example.org/mediagoblin/user_dev/plugin_static/; 
} 

# Mounting MediaGoblin itself via FastCGI. 
location / { 
    fastcgi_pass 127.0.0.1:26543; 
    include /etc/nginx/fastcgi_params; 

    # our understanding vs nginx's handling of script_name vs 
    # path_info don't match :) 
    fastcgi_param PATH_INFO $fastcgi_script_name; 
    fastcgi_param SCRIPT_NAME ""; 
} 
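An added example (not part of the article or of MediaGoblin): a small check for the site file described in the Nginx setup step. It confirms that the nosniff header and an upload limit are set, that directory listings are not switched on, and that fastcgi_pass points at the loopback address used with lazyserver.sh. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not MediaGoblin's own tooling. Function names and the two
# sample site files below are constructed for illustration.

# Print one finding per line for an nginx site file; print nothing if it passes.
check_site_conf() {
    # Drop comments first so a commented-out directive does not count as set.
    body=$(sed 's/#.*$//' "$1") || return 2

    if ! printf '%s\n' "$body" | grep -Eq \
        '^[[:space:]]*add_header[[:space:]]+X-Content-Type-Options[[:space:]]+"?nosniff"?[[:space:]]*;'; then
        echo "missing: add_header X-Content-Type-Options nosniff"
    fi
    if ! printf '%s\n' "$body" | grep -Eq \
        '^[[:space:]]*client_max_body_size[[:space:]]+[0-9]+[kKmMgG]?[[:space:]]*;'; then
        echo "missing: client_max_body_size"
    fi
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*autoindex[[:space:]]+on[[:space:]]*;'; then
        echo "autoindex on: directory listings are exposed"
    fi
    # FastCGI carries no authentication of its own, so the backend address
    # should be loopback or a unix socket (fcgi_host=127.0.0.1 in the article).
    printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*fastcgi_pass[[:space:]]\{1,\}\([^;[:space:]]*\)[[:space:]]*;.*/\1/p' |
        while read -r target; do
            case $target in
                127.*:*|localhost:*|'[::1]':*|unix:*) ;;
                *) echo "fastcgi_pass is not loopback: $target" ;;
            esac
        done
    return 0
}

# Constructed sample that follows the settings shown in the article.
write_reviewed_conf() {
    cat > "$1" <<'EOF'
server {
    autoindex off;
    client_max_body_size 8m;
    add_header X-Content-Type-Options nosniff;
    location / {
        fastcgi_pass 127.0.0.1:26543;
        include /etc/nginx/fastcgi_params;
    }
}
EOF
}

# Constructed sample with the protective settings removed or weakened.
write_weak_conf() {
    cat > "$1" <<'EOF'
server {
    autoindex on;
    # add_header X-Content-Type-Options nosniff;
    location / {
        fastcgi_pass 192.0.2.10:26543;
    }
}
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_reviewed_conf "$dir/reviewed.conf"
    write_weak_conf "$dir/weak.conf"
    echo "reviewed.conf findings:"; check_site_conf "$dir/reviewed.conf"
    echo "weak.conf findings:";     check_site_conf "$dir/weak.conf"
    rm -rf "$dir"
}

demo
```

Run it against your own file with check_site_conf /srv/mediagoblin.example.org/nginx.conf; no output means all four checks passed.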

Add media 

Adding a media file is a breeze: just click 
on the ‘Add media’ button on the right side of your 
profile page. In the next page, upload the file, 
set the title of the media, add a description, add 
tags and set the license you’d like to assign to the 
media. Finally click on the ‘Add’ button to upload 
the file. On the left side of the page, you may 
notice the ‘Browse Collections’ link. This option 
lets you browse collections created by other 
users (if you are on a multi-user environment). 
A collection is a group of media files logically 
bundled together, generally to represent an 
event or other such scenarios. Note that media 
files can be added to collections at any point 
in time and not just during the upload. To create 
a collection yourself, click on the top-right icon to 
reveal the account related options and then click 
on ‘Create new collection’. You can then add the 
title and description to add your own collection. 
Become a Linux power user 


50 critical fixes 

Learn to fix the most important problems 

Triple boot 

Boot your system with three different OSs 

Total privacy on Linux 

Make sure your Linux stays private 

Troubleshoot & repair 
Linux networks 

Sort out the problems with your Linux 

Become a certified SysAdmin 

Read all about how to be a good SysAdmin 

Total Linux security 

Keep your Linux system secure 




“The order has its 
advantages by more 
easilytrackingwhat 
you’re installing 
and where” 
■ LEARN TO FIX 50 OF 
THE MOST IMPORTANT 
LINUX PROBLEMS 

One of the upsides to using Linux is its 
vast hardware compatibility that’s built 
into the kernel, with countless modules 
able to help you boot and run on just 
about any piece of computing hardware from 
the last 20 years. It’s also fairly rock-solid and 
continually supported by a massive community to 
improve it and make it better and better. 

Having said that, though, there are always 
little problems. Some may lie in software bugs or 
quirks in the kernel, problems with packages and 
software, and even random defects caused by 
the hardware itself. Like any complicated piece of 
equipment, Linux and its distros can go wrong in 
many ways. Learning how to fix these problems can 
be confusing for some. 

In this feature, we’ve compiled what we believe 
to be 50 of the most common problems and 
solutions to your day-to-day Linux issues - ones 
that will help you out when either the inevitable 
happens or you are simply helping someone out 
with some troubleshooting. 


RESOURCES 


■ GParted 

The graphical partition editor that we always 
recommend, it’s an easy way to manage, delete and change 
your current hard drive set up. It comes installed by default 
on a lot of live CDs and there’s also a specific live release of 
the software that has a few extra hard drive management 
features available on it. 

■ UNetbootin 

When creating boot media and live discs, you might also 
consider using USB storage for it. Having an easily portable, 
live-booting USB stick can be very useful for fixing problems, 
such as boot issues or hardware and driver errors, as it 
doesn’t need to actually load up into the installed Linux distro. 

■ Wireshark 

Network troubles might be quite far-reaching in your 
network, and Wireshark is an excellent piece of software for 
going through your network and seeing where problems and 
faults may be arising locally. It works on individual machines 
and servers and includes a web frontend for ease of use. 


■ Bacula 

Backing up is an important thing to do and a safety net 
if you’re having irreparable problems on your system. Bacula 
is one of the best pieces of software for this, as it includes 
comprehensive backup solutions with included scheduling 
and networking features. 
■ COMMON PROBLEMS 


Routine solutions to solve many widely-faced issues 


SWITCHING 
FROM WINDOWS 

Moving to Linux from Windows can be a hurdle to overcome for a lot 
of people. Even if you just need to advise someone, it’s a good thing to 
know the ways to make the transition as smooth as possible. 

First of all, assuring someone that their files, documents, music 
and such will work on Linux is a good step. If they are using Microsoft’s 
own software like Office and Media Player for example, LibreOffice 
and the myriad of media software on Linux can play it just fine. For a 
lot of people, this transition just requires backing up the files before 
making the jump. 

For software that does not have a Linux equivalent or requires the 
Linux version, using Wine may be an option. While it’s not guaranteed 
to work, it may be something that is worth looking into. A more 
surefire way is to create a Windows virtual machine on the system 
that can be accessed whenever the software is needed - it’s not a 
perfect solution but it can be better for some than just using Windows 
all the time. So the initial jump isn’t as daunting as you first thought. 


FILE AND FOLDER 
PERMISSIONS 

Sometimes you hit a problem where you can’t create, delete or edit files without 
using a root account or sudo. While this is fine for working in the terminal, when 
you’re trying to run scripts it can be an issue. If you’ve had to create folders and 
files using sudo when they don’t require root-only access, the best option is to 
change permissions. For files and folders it’s the same: you'll use chmod along 
with a string of numbers to indicate what to change it to, for example: 

| $ sudo chmod 666 directory 

... which will make everyone able to read and write in the directory. 777 on a file 
will let anyone execute it too. The first number applies to the owner of the file, 
the second number to the group the owner’s in and the third number is anyone. 
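An added example (not from the original article): it decodes the three digits described above into their owner, group and others permissions, then shows a narrower alternative to 666 or 777 by listing entries that anyone can write to and removing only the group and others write bit. The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.

# Decode a three-digit octal mode into the rwx triplets for owner, group, others.
# r=4, w=2, x=1; on a directory, x is the permission to enter it.
mode_to_rwx() {
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        case $digit in
            0) bits="---" ;; 1) bits="--x" ;; 2) bits="-w-" ;; 3) bits="-wx" ;;
            4) bits="r--" ;; 5) bits="r-x" ;; 6) bits="rw-" ;; 7) bits="rwx" ;;
            *) echo "not an octal digit in mode: $1" >&2; return 1 ;;
        esac
        out="$out$bits"
    done
    if [ "${#out}" -ne 9 ]; then
        echo "expected exactly three octal digits: $1" >&2
        return 1
    fi
    printf '%s\n' "$out"
}

# List everything under a directory that the "others" class may write to.
# Symlinks are skipped: their own mode bits do not control access.
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Remove write access for group and others only, leaving the owner's bits
# and every execute bit untouched.
drop_shared_write() {
    chmod -R go-w -- "$1"
}

# Constructed sample tree with a mix of modes; prints its path.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/scripts"
    touch "$tree/notes.txt" "$tree/config.ini" "$tree/scripts/run.sh"
    chmod 666 "$tree/notes.txt"       # rw-rw-rw-
    chmod 644 "$tree/config.ini"      # rw-r--r--
    chmod 777 "$tree/scripts"         # rwxrwxrwx
    chmod 755 "$tree/scripts/run.sh"  # rwxr-xr-x
    printf '%s\n' "$tree"
}

demo() {
    tree=$(make_sample_tree) || return 1
    echo "666 = $(mode_to_rwx 666)  777 = $(mode_to_rwx 777)  755 = $(mode_to_rwx 755)"
    echo "World-writable before:"
    world_writable "$tree"
    drop_shared_write "$tree"
    echo "World-writable after: $(world_writable "$tree" | wc -l)"
    rm -rf "$tree"
}

demo
```

When the files were simply created with sudo by mistake, sudo chown -R on the tree returns them to your user without granting anything to other accounts.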


HARDWARE 
PROBLEMS 

Not every piece of hardware will automatically work on Linux, but usually it’s just 
because you need to turn something on. Using sudo lspci and sudo lsusb, 
you can list the hardware devices connected to your system. Each device will 
have an address code, something like 01:00.1 for lspci - note down the address 
for the problem device and use sudo lspci/lsusb -s [code] -v for more info. 

This should tell you which module has been loaded for the device. It’s 
probably not the right one, so do this again while using a live disc and check to 
see which module it uses. If it's different, go to your installed system and use: 

| $ modprobe -v [module] 

There will be no output if it’s loaded, but an insmod output if it’s just loaded it up. 


LACK OF SOFTWARE 
IN FEDORA 


Fedora is a great Linux distro and one of its core principles is to only use free 
software. This means you won’t be able to get Chromium or be able to play 
media. For those that don’t mind using restricted or non-free software, 
the RPM Fusion repos give you the ability to install more software. Most 
go to the RPM Fusion site (http://rpmfusion.org) and download the 
file to sort it. If you need to do it in the terminal, use the following: 

| su -c 'yum localinstall --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm' 
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NEED TO 
KILL A TASK 


A program might be running and taking up a lot of resources, and sometimes you just 
can’t turn it off the normal way. This calls for use of the kill command in the terminal 
- first find out what the PID of the software is in top. Simply run the top command in the 
terminal and it will show up - press Q to quit out and then: 


| $ sudo kill [PID] 



ACCESS LOGS TO 
VIEW ERRORS 


A good way to figure out a problem is to access the log files on your system to see if an 
error message may have been spat out. This might be in a major log file or one specific to 
the software, and they can be found in the /var/log folder - either navigate there in a file 
manager or look them up in the terminal. 




CAN’T FIND 
CINNAMON DESKTOP 


The Cinnamon desktop is becoming a lot more popular but it’s not quite everywhere 
yet - the most noticeable omission is from the repos of Ubuntu. There’s also now no 
officially maintained repository for the Ubuntu build of Cinnamon anymore, but there is 
a third-party one you can use. Open up a terminal and add the PPA with: 


| $ sudo add-apt-repository ppa:lestcape/cinnamon 


Now install by doing an apt-get update and apt-get install cinnamon. 
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■ BOOT ISSUES 

Get GRUB working and 
boot back into Linux 



ADD OTHER 
BOOT OPTIONS 


The beauty of GRUB is that you can add boot options to it - either different ways to boot 
your distro, or adding other distros if you multi-boot. For multi-booting, the quick way is to 
use the pre-installed os-prober (operating system prober) in GRUB. To do this, all you need 
to do is run an update-grub for it to check what else is installed and add to the grub.cfg. 
Otherwise, you can create custom installation option files in /etc/grub.d, named in order of 
when you want them to boot. 


GRUB CANNOT 
BE FOUND 

This one doesn’t often happen just out of the blue - usually there’s a reason, like you’ve 
installed another distro to your system, for example. But we’ve turned on a laptop once 
or twice and it’s just... happened. Either way, don’t panic as you can easily restore GRUB. 

First of all, get a live-booting medium of your preferred distro - Ubuntu will do, but so 
will Fedora on either CD or Live USB. Stick it into the problematic machine and restart it 
to load up the live environment. 

Once you’re in the desktop, mount the hard drive where your distro is installed to in the 
file manager and then open the terminal. Make sure GRUB is installed by trying to install 
the GRUB package (for Ubuntu, apt-get install grub; Fedora is yum install grub, 
etc). Still in the terminal, use fdisk -l to figure out the location of your hard drive (such as 
/dev/sda). When you have that you can type: 

| $ grub-install --root-directory=[Mount point of hard drive] /dev/sda 

The mount point being where the file manager mounted the filesystem and not 
/dev/sda. You should then be able to reboot and go back into your original distro. 


NEED TO 
MANUAL BOOT 

This is not an easy one - you may be given a boot prompt at GRUB asking you to manually 
type in the boot command. If you can’t reinstall GRUB for some reason, or don’t want to, 
you’ll have to know the following pieces of information: which version of the Linux kernel you 
have and the UUID of the hard drive. These can be quite long strings, so you’ll need to write 
them down. Once you have though, you can boot by typing something like: 

| $ linux /boot/vmlinuz-[kernel version]-generic root=UUID=[UUID of drive] 
ro quiet splash 

...and... 

| $ initrd /boot/initrd.img-[kernel version]-generic 
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■ NETWORKING FIXES 

Tips to help fix your network issues and create stabler LAN 



SET A 
STATIC IP 



While a router will tend to dole out 
DHCP addresses to the same network 
interfaces every time, it’s not consistent. 
When you have port forwards active or 
very specific connection addresses set 
up around your home network, it can be 
best to set a static IP. 

In desktop environments there will be 
a graphical network manager which will 
let you set manual settings for IP, gateway, subnet mask and DNS. Otherwise, 
you can open /etc/network/interfaces using nano and add it manually. 



TEST YOUR 
WEB ACCESS 


If you’re having trouble loading a page or two, you may be struggling to connect 
to the Internet. Or the server you’re trying to contact may be having problems. 
To help try and differentiate between a bad net connection and a busy server, 
you can use the ping command to see if communications are getting through 
properly. Open up the terminal and ping Google with: 


| $ ping www.google.ci 


It will send small packets to Google asking for a response and record the response 
time. It’s also worth trying a different website if Google is something you’re having 
problem with. 



QUERY DNS 
VERSION 


If you’re browsing on the Internet and some websites seem to be fine while others 
simply aren’t, there could be any number of things causing it - most of them not 
your fault. However, one issue that will catch some people out is whether or not 
their DNS is up-to-date. To check what DNS you’re using, you can use dig to find 
more details. Open up the terminal and type: 


| $ dig www.google.com 


And look at the answer section for the DNS addresses. 


CHECK YOUR 
NETWORK ACCESS 


Similar to Tip 19, when trying to diagnose where your Internet or network is 
failing, it can often be a good idea to check to see if your system can talk to the 
router at all. 

You’ll likely know if this is the case from connection reports, but if you’re 
still struggling to find a problem and perhaps your router has connected your 
system using a weird address, it can be a useful step. To do it, open up the 
terminal and use: 


| $ ping [Router IP] 


“To check what DNS you’re using, you can use dig 
to find more details” 


22 


SETTING 
A DNS 


Somewhat related to Tip 20, if your DNS is 
playing up and you need to change it, adding 
a different DNS in the settings might be one 
way to help you. There are a couple of free and 
public DNS servers, such as Google’s Public 
DNS, available to use. To change them on your 
system, you need to open the terminal and edit 
the /etc/resolv.conf file using nano. Change the 
nameserver value and add a second value as 
well, to complete the process. 
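
As an added example (not part of the original article), the shell functions below read the output of dig from the QUERY DNS tip: they pull the addresses out of the answer section, take the resolver that replied from the ";; SERVER:" line, and check it against the nameserver entries set in resolv.conf. The sample dig output, the sample resolv.conf and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample text is constructed; the answer addresses come from
# the 192.0.2.0/24 documentation range, not from a real lookup.

SAMPLE_DIG=';; ANSWER SECTION:
www.google.com.    300  IN  CNAME  edge.example.net.
edge.example.net.  300  IN  A      192.0.2.10
edge.example.net.  300  IN  A      192.0.2.11

;; Query time: 12 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; MSG SIZE  rcvd: 75'

SAMPLE_RESOLV='# constructed resolv.conf using a public resolver pair
nameserver 8.8.8.8
nameserver 8.8.4.4'

# Addresses (A/AAAA records only) from the ANSWER SECTION of dig output on stdin.
dig_answers() {
    awk '/^;; ANSWER SECTION:/ { ans = 1; next }
         /^$/                  { ans = 0 }
         ans && ($4 == "A" || $4 == "AAAA") { print $5 }'
}

# The resolver that actually answered, taken from the ";; SERVER:" footer line.
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# nameserver entries from resolv.conf text on stdin (comment lines are skipped).
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# resolver_is_configured DIG_TEXT RESOLV_TEXT
# 0 = the answering server is listed in resolv.conf, 1 = it is not,
# 2 = no SERVER line was found in the dig output.
resolver_is_configured() {
    srv=$(printf '%s\n' "$1" | dig_server)
    [ -n "$srv" ] || return 2
    if printf '%s\n' "$2" | resolv_nameservers | grep -Fxq -- "$srv"; then
        return 0
    fi
    echo "answer came from $srv, which is not in resolv.conf" >&2
    return 1
}

# Live use: resolver_is_configured "$(dig www.google.com)" "$(cat /etc/resolv.conf)"
printf 'answers: %s\n' "$(printf '%s\n' "$SAMPLE_DIG" | dig_answers | tr '\n' ' ')"
printf 'server:  %s\n' "$(printf '%s\n' "$SAMPLE_DIG" | dig_server)"
resolver_is_configured "$SAMPLE_DIG" "$SAMPLE_RESOLV" && echo "resolver matches resolv.conf"
```

A mismatch after editing resolv.conf usually means another tool has rewritten the file or the query went to a different resolver than the one you set.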
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IF ALL ELSE FAILS, 
TRACEROUTE 


If you still have no idea what is going on in your 
network then a deeper scan of what exactly 
a packet is going through might help you 
track down a problem. You can do this with 
traceroute. There are a huge number of options 
you can use for this, but you can easily get a 
picture of the process by using the following 
command in the terminal: 


$ traceroute www.google.ci 
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MANUAL WI-FI 
SETTINGS 


If using wireless in the command line, setup can be 
tricky as you must account for more than a wired 
connection. These settings will go in the interfaces 
file along with wired information, found at 
/etc/network/interfaces. Here’s an example setup: 

auto wlan0 
iface wlan0 inet dhcp 
    wpa-essid [SSID of network] 
    wpa-psk [Password] 
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■ INSTALLATION ERRORS 

From installing libraries to software, there can always be a problem 


UBUNTU LTS IS 
NOT UPGRADING 

If you’re using an Ubuntu LTS just 
because it’s the freshest version that 
you installed, but you would prefer to 
keep up with the latest releases, you 
may find that it won’t tell you when 

This is because by default, an Ubuntu 
LTS will only update when another LTS 
is officially released. 

To change this, open up the Software 
Centre, go to Edit and then Software 
Sources. Under the Updates tab, there’s an option to change when you are notified 
of a new version of Linux. Change it to ‘Any new version’ and next time it does a 
periodic check, it will let you upgrade straight away. No more being stuck in a 
version of Ubuntu that you don’t want! 




NEED TO ROLLBACK 
A PACKAGE 


While updating is usually a great idea to keep ahead of bug fixes and 
security updates, every now and then there may be a problem with the 
update either for everyone or specifically for you. Not every package manager 
has a specific rollback feature, but there’s a way you can do it. Apt 
requires you to first uninstall the package, use apt-cache showpkg [package] 
to get the available versions and then install it with apt-get install 
[package]=[version]. In Fedora, you can just use yum downgrade 
[package]-[version] to roll back. 





REQUIRE 
BUILD TOOLS 


When compiling software, your distro 
needs the right software installed to do this. 
Packages like the GCC compiler and related 
tools are not always installed by default 
any more due to the convenience of 
package managers and downloadable 
binaries. Not every distro lets you install it 
the same way though. 

In Debian and Ubuntu-based distros, you can install it with the package 
build-essential, which as the name implies comes with the essential 
packages for actually compiling and building software. In Fedora, it’s 
slightly different as you have to install a group of packages using yum, 
as shown below: 


$ yum groupinstall "Development Tools" 


MISSING 
DEPENDENCIES 

When installing software, the required dependencies often aren’t met. This 
means that libraries and packages required aren’t available. Generally, you can 
fix this by looking at the output and seeing which package you need to install. In 
Debian-based distros you can install auto-apt, which will put the compiler on 
hold when it finds a missing dependency so it can install from sources. To run it 
with auto-apt, configure with: 

$ sudo auto-apt run ./configure 




UPGRADE 
A CD IMAGE 

When testing daily builds of a distro, there’s often 
no way to update software. But ZsyncCdImage 
uses zsync, software that lets you selectively 
update with the files that have changed to enact 
an ISO-wide update by changing the files on the 
image. Install zsync and update with: 

$ zsync [URL to daily image] 


CAN’T INSTALL 
POST-INSTALL 

This problem occurs with distros based on 
Mandriva and PCLinuxOS - you’ll install the 
distro but can't add software. The distros are 
looking for software, so if you’re trying to install 
a package that’s not present, you’ll be in trouble. 

To fix this, go to Software Management and 
you can configure media sources. Choose the 
standard mirrors and deselect the CD or DVD as 
the source. Update the repos by reloading the 
software manager and you’ll be good to go. 


REMOVE 

REPOSITORIES 

You may need to do this for many reasons: the 
software a third-party repo is distributing is 
broken, the repo is obsolete or maybe it’s never 
worked. Removing it is different in various distros. 

In Debian-based distros, remove a repo by 
editing the /etc/apt/sources.list to delete the 
details of the repos. If you’re using Ubuntu and a 
PPA, you can use add-apt-repository --remove [ppa 
name]. In Fedora, repos are contained in labelled 
files in /etc/yum.repos.d, so delete from there. 
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INSTALL FREEZING 
OR BUSY 


When something like this happens, one of the primary suspects is an errant installation or 
update program going on while you’re trying to install. You’ll need to look through logs and 
your system to see what may be using the installation tools, then either wait for it to finish or 
kill it off so that you can continue. 




CHECK 

DOWNLOADED FILES 


Sometimes installation issues can be caused by incomplete, corrupted or incorrect 
downloads. This is why a lot of FOSS comes with an MD5 hash associated with it, 
which you can check against the file itself to make sure it’s correct. To do this, open the 
terminal and type: 

$ md5sum [filename] 
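
An added example, not from the original article: the functions below automate the comparison, looking a file up in a published checksum listing (the "digest  name" format that md5sum and sha256sum write) and reporting a mismatch. The function names and the sample files are constructed for illustration; the tool is chosen from the digest length, so the same check works when a project publishes SHA-256 sums instead of MD5.

```shell
#!/bin/sh
# Added example. Function names and sample files are constructed.

# Pick the hashing tool from the length of the published hex digest.
hash_tool_for() {
    case ${#1} in
        32)  echo md5sum ;;     # catches corruption; MD5 collisions are practical
        40)  echo sha1sum ;;
        64)  echo sha256sum ;;
        128) echo sha512sum ;;
        *)   return 1 ;;
    esac
}

# verify_checksum FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 when the input cannot be checked.
verify_checksum() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case digests
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*) echo "not a hex digest: $2" >&2; return 2 ;;
    esac
    tool=$(hash_tool_for "$expected") || { echo "unknown digest length" >&2; return 2; }
    # Hash via stdin so odd file names cannot change the output format.
    actual=$("$tool" < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MISMATCH for $file: expected $expected, got $actual" >&2
    return 1
}

# verify_from_sums SUMS_FILE FILE
# Finds FILE's base name in the listing and verifies it.
# Returns 3 when the file is not listed, otherwise verify_checksum's status.
verify_from_sums() {
    sums=$1
    target=$2
    name=$(basename "$target")
    # Each line is: digest, a space, a space or '*' (binary marker), the name.
    listed=$(N=$name awk '{ d = $1; f = substr($0, length(d) + 3)
                            if (f == ENVIRON["N"]) { print d; exit } }' "$sums")
    [ -n "$listed" ] || { echo "$name is not listed in $sums" >&2; return 3; }
    verify_checksum "$target" "$listed"
}

demo() {
    dir=$(mktemp -d)
    printf 'constructed sample payload\n' > "$dir/distro.iso"
    # What a publisher would ship next to the download:
    ( cd "$dir" && sha256sum distro.iso > SHA256SUMS && md5sum distro.iso > MD5SUMS )
    verify_from_sums "$dir/SHA256SUMS" "$dir/distro.iso" && echo "intact download: OK"
    # Simulate an interrupted download by truncating the file.
    head -c 10 "$dir/distro.iso" > "$dir/partial" && mv "$dir/partial" "$dir/distro.iso"
    verify_from_sums "$dir/MD5SUMS" "$dir/distro.iso" || echo "truncated download: rejected"
    rm -rf "$dir"
}
demo
```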


DISTRIBUTION 
UPGRADE 

If you don’t have the benefit of a graphical package manager or 
software manager to perform a distribution upgrade with, Debian- 
based distros can make use of apt-get to do this. In the terminal, do 
an apt-get update and then follow that up with: 

$ sudo apt-get dist-upgrade 

FRESH INSTALL STILL 
NOT WORKING 

If your new install is still failing, then a good course of action is to 
just try and install the system again. Rewrite the live medium to make 
sure it was created correctly in the first place and do a complete install; 
it’s rare, but sometimes something will have gone wrong in the process 
and just trying again may create different results. 



PARTITION 
PROBLEMS 

Some distros have some very easy and straightforward partition 
options, while others very much don’t. What these other distros have 
in common, though, is that they’ll let you mount to existing partitions. 
Using a live disc that contains GParted (which is most of them), you can 
set up the partitions as you want much more easily. Or just use fdisk in 
a terminal. 



PACKAGE 
NOT FOUND 


If you’ve added or activated a repository recently and are having trouble finding it, or there’s 
new software in an existing repository that’s not showing up, your software lists might not 
have been properly updated yet. In Ubuntu, you can update it from the terminal with 
apt-get update, and Fedora has yum update, although the latter will also enact any software 
updates at the same time. 




NEED TO FORCE 
AN UPDATE 



While getting dependencies sorted out is one way to make sure software installs, 
other times just forcing the package to install may fix a problem. While this may be a 
solution for dependency problems, there could be other issues blocking an install that 
don’t matter for you. In Ubuntu you should download the package using 
apt-get download [package] and then install with dpkg -i 
[package]. In Fedora you can use rpm 
-ivh --force [package] to do this. 
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■ HDD FIXES 

There are a few things you may 
need to do to maintain a hard drive 


STOP A 
SOFTWARE RAID 

If you need to stop an mdadm software RAID for whatever reason, first 
make sure you take any files you want off the device. Once that’s done, and 
assuming yours is md0 with drives sda and sdb, you can disable it with: 

$ mdadm --stop /dev/md0 
$ mdadm --remove /dev/md0 
$ mdadm --zero-superblock /dev/sda 
$ sfdisk -d /dev/sda | sfdisk /dev/sdb 
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HARD DRIVES 
FILLING UP 


If you think your hard drive is getting full a bit prematurely then you should 
check some of the temporary files. Empty any trashcan-style location you 
have and give the cache of your browsers a clean. Have a snoop around the 
home folder for anything you may have missed too. 
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NEED TO CREATE A 
PARTITION TABLE 


This is usually something that affects hard drives that have been in many 
different systems rather than new ones, but sometimes you will need to 
create a fresh partition table. The easiest way to do this is to load up GParted 
and add it manually in Device>Create Partition Table. 



RECOVER 
YOUR DATA 


One of the biggest fears of computing can be losing all your important data - 
that’s why there are so many backup solutions available at varying levels of safety 
and security. Sometimes you just have to prepare for the worst, and being able to 
recover data from a hard drive may be needed eventually. 

TestDisk (www.cgsecurity.org/wiki/TestDisk) has functions to undelete files 
and recover partitions. It’s slightly better at the latter due to the nature of the 
recovery, and all you need to do is load it up on the problematic system (even on 
an installed distro, if you can) by moving to the folder and typing 
sudo ./testdisk_static in the terminal. 

From here you can create a log and then select a disk to try and rescue. After 
a scan, it will try and determine the partition table type and you can confirm or 
change it if you know it’s supposed to be different. Then you can Analyse to see 
if there’s a partition error, do a quick search to find any missing ones and Write to 
restore the partition. 

For undeleting files, you can choose the Advanced option instead of Analyse, 
select a partition to work on and it will undelete all of the deleted files and move 
them to a specified location. 



FRAGMENTED 
LINUX DRIVE 

Ext filesystems that Linux uses, and Linux itself, have ways of keeping 
files from fragmenting. However, it’s not perfect so fragmentation may 
occur eventually. There aren’t many defragmentation utilities for Linux, but 
defragfs (http://sourceforge.net/projects/defragfs) will do the job well 
enough if you’re worried about fragmentation. 


ADD MORE 
SPACE 

There are a few ways you can do this. One of the easiest 
and lowest maintenance methods is to add, format 
and mount a new hard drive into your home directory 
or wherever it’s needed. This way, all the original drives 
are untouched and you know it will still run just fine 
from there. Otherwise, you can clone the hard drive 
using Clonezilla (http://clonezilla.org) and restore it 
to a newer, bigger hard drive and then extend the Linux 
partitions into the available space. 


OUT OF 
VIRTUAL SPACE 

If you’ve set up a virtual machine in VirtualBox for testing, it’s not uncommon 
if you’re using it often enough to run out of virtual space, even if you gave 
yourself a fair amount that was dynamically allocated. You cannot 
exactly extend into your host hard drive space, but you can always 
create more space to use. Go to Settings>Storage and add a new 
hard drive to the SATA controller. Boot into your VM and format the 
device, then mount it to a necessary directory to increase storage. 
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■ GRAPHICAL PROBLEMS 

Sort out your drivers and modules, and learn how to exit X 



VIRTUAL 

DISPLAY 


Often when you set up a virtual machine in VirtualBox, you will find that the display does not 
completely fill up your screen. While this cannot be changed on live discs, if you've installed and 
configured a virtual machine then you can add kernel modules that enable you to use a better 
resolution. In VirtualBox, go to the Devices menu and click Insert Guest Additions. It will download 
an ISO that you can use to install the new kernel modules and then use the full-screen resolution 
as you wish. 




INSTALLING 

DRIVERS 


Graphics drivers on Linux come in two forms - restricted drivers that are downloadable or come 
with a distro such as Ubuntu, and reverse-engineered drivers such as Nouveau. Usually, if you’re 
having some form of graphics issue, the first thing you can try and do is switch between these two 
drivers. To download the proprietary ones, head to the AMD, NVIDIA or other website and either use 
the auto-detection tool or select the driver manually. They go through an automated installation 
method, which is a good first step to fix graphical issues. 



GET TO THE 
COMMAND LINE 

Sometimes X, the graphical display server, will 
freeze and you might be unable to do anything 
as a result. Additionally, it could become 
horrifically slow or have another error coming 
out of it. Instead of performing a hard reset or 
simply waiting it out, you can always switch to the 
command line and try to fix things from there. To 
do that, just hit Ctrl+Alt+F2 and log in with your 
normal username and password to access all of 
the various command line tools. 


RETURN TO 
DESKTOP 

If you have had to go to the command line for 
some reason, as we just advised in Tip 48, you 
can also return to the original graphical desktop 
using Ctrl+Alt+F7 - there are actually instances 
that can run on F3 to F6 as well, which are 
usually command lines too. You can quit X on 
the F7 instance and start it up on another one 
wherever you wish, so if F7 doesn’t get back to 
it, try the other F keys instead to get a result. The 
choice is up to you. 


HOW TO 
RESTART X 

If you need to turn X off and on again, try using 
Ctrl+Alt+Backspace to restart X. If that doesn’t 
work, use Tip 48 to go into the command line 
instance and kill the display manager using: 

$ sudo service [display manager] stop 

Your display manager could be LightDM or GDM - 
you may need to google it. Once it’s killed, use sudo 
service [display manager] start or startx. 
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TRIPLE 

BOOT 

Two operating systems are 
so last year - here’s how to 
start using three of them to 
maximise your productivity 



Dual booting is a staple of being a Linux 
user these days. Classically, a lot of 
people think of this as Linux and Windows 
coexisting together on one machine. There 
are people who just have two Linux distros though and 
there are many reasons why this could be the case - 
testing on two systems, one for leisure and one for 
work, is just one example of why two can be useful. 

We can easily take a step beyond that though. 
It’s doable (storage space permitting) to have three 
operating systems residing side-by-side. Whether 
you’re having two Linux distros and a Windows install 
or simply three Linux distros, the concept is quite 
similar to dual booting and a natural extension of 
the practice. 

Over the course of this feature, we will teach you 
how to perfectly partition your system, from a fresh 
hard drive to a pre-existing install, as well as a few 
tips on the best methods of installing the systems to 
get them to work together. 




Why go for triple boot? 


As we noted above, there are many reasons 
why you would want to both dual boot and 
triple boot, and they depend entirely on 
how you use your computer and how often 
you need to use different environments for 
different tasks. 

One reason is often Windows - however 
we feel about it, many of us need it in our 
day-to-day lives. It could be something 
as simple as enjoying playing new games, 
which aren’t always supported on Linux, or 
it could be the case that you are a designer 
who needs to use the industry standard 
Photoshop or InDesign. You can even install 
OS X for a Hackintosh build if that’s more to 
your taste. 


A key reason to further extend a dual 
boot setup is to preserve your main distro 
- the one containing the bulk, if not all, of 
your personal data and media. There are 
innumerable reasons as to why you may 
want or need to use different distros on a 
regular basis, and sometimes live-booting 
or virtualising just doesn’t cut it - in such 
cases, it is incredibly convenient to have a 
third partition onto which you can install 
the distro you temporarily need to use. 
Non-Linux OSs aside, it could be something 
like wanting to have, for example, a Pentoo 
partition for testing alongside your main 
Debian distro, with a third slot for distro- 
hopping. It really is down to you! 
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Partitioning 

Set up your hard drive so that space is 
usefully split between your different distros 


In the first partition we 
have our primary default 
distro - this could be 
your work or leisure distro. 
We recommend about a 
20 GB ext4 partition for a 
Linux distro 


The same as the first 
partition - a 20 GB ext4 
partition for your other 
version of Linux. If you’re 
triple booting Linux, you 
can use a third one of 
these quite easily 


This partition is larger as 
we will install Windows 
here. Make it NTFS so 
Windows can see it 
during installation. It’s 
best to give Windows 100 
GB of space to be safe 





We’ll create a shared 
storage partition for all 
operating systems. This 
can be made up of all the 
remaining space and it’s 
best to keep it to NTFS 
so everything can use it 


This is the swap partition, 
used with the RAM when 
Linux is running. Similar 
to Windows’ page file 
system but that resides 
on the main Windows 
installation partition 


If you plan to set up the 
hard drive and install 
the operating systems 
from scratch, it’s best to 
use GParted - found on 
most live distros or any 
maintenance distribution 


Installation 

order 

Windows first, 
primary last 

Installing Windows first can actually make 
the installation process a lot smoother - 
this is also good news if you’ve already got 
an existing or new Windows computer. The 
major benefits of installing Windows first 
is that you don’t have to mess around with 
recovering and rebuilding GRUB at the end 
of the installation process, and it won’t 
try and overwrite your currently installed 
Linux distros during its own installation 
process. The GRUB benefits also apply to 
installing your primary distro last, as you’ll 
then be able to easily modify and update 

Linux first, 

Windows second 

Performing installation in this order has 
its advantages by more easily tracking 
what you’re installing and where. If you’re 
setting up a disc from scratch or already 
have a Linux distro installed, you can use 
GParted straight away to get the disc 
formatted to your specifications. This 
means that while you’re still in the live 
disc you can do the first installation. This 
can save a lot of time if you have limited 
resources for creating live discs or live 
USBs - you’re already in Linux to edit the 
partitions, so why not install it? 



Above is a useful setup for triple booting 
your system, but this is only a guideline. 

The 20 GB sizes for the Linux distros 
take into account just purely installing 
packages - in many ways it’s a very liberal estimation 
of how much space you’re going to use, however this 
depends on your development habits and what kind 
of software you are planning on using. The order is 
also fairly arbitrary - it won’t make any difference to 
disc speed but it may make sense to you personally. 


While we do recommend a shared storage 
partition, the file structure of the home folder in 
Linux and Windows is quite different, which can 
easily complicate things. 

Windows and Linux both allow you to mount 
specific parts of the partition to specific locations 
in their hierarchy though, which can make it a lot 
easier and quicker to organise. However, another 
option that you can think about is splitting up the 
storage partition between the two. 
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Installing Linux 

Installing Linux alongside another 
distribution can be easy with the right distro 


Installing Linux has been reduced down 
to the bare minimum interactions these 
days for a lot of distros. Ubuntu, Fedora, 
openSUSE and all your major, modern 
distros have their own graphical wizard either shared 
between them or created for the distro. Usually 
it’s a case of just hitting install and overwriting the 
disk, but if the hard drive partitions are set up as we 
suggested then you won’t want to do that. 

In these distros though, you will be able to do one 
of two things: install alongside or specifically set 
up a place to install the root file system. The root 
file system is the core of the distro, where all the 
files to run it are stored, and it is represented by a 
‘/’. Installing some distros from scratch will make it 
create a separate partition for the boot files or home 
folder and you can certainly make your custom 
partition setup do that as well. 

On less advanced distros - perhaps those 
designed for older systems - the installation 
process can be a lot more involved. It will require you 
to know what partitions you’ve got and where they 
live on your system. While they may have their own 
partition software it is likely to be a lot more manual, 
so in this case we’d still recommend using GParted 
with another live distro first to get the partitions 
sorted beforehand. During this process make a 
note of what the hard drives are called during the 
partitioning process - this will be something like 
/dev/sda for the hard drive and sda1, sda2, sda3, etc 
for the individual partitions. These numbers won’t 
always be in the order you expect though, so it’s best 
not to guess it. 

All distros, live and installed, will automatically use 
any swap partition on the system. You only need one 
of these for your system as you are just running one 
distro at a time, and you don’t need to set it as the 
correct swap when installing either. 

For further installation advice always make sure to 
read the available options and if all else fails, seek out 
original documentation on the distro’s website. 


■ In Ubuntu you can select custom partitions for different areas of the distro’s files 


Types of 
distros 

Choosing distros 
to use is easier if 
you think in terms 
of their categories 


A beautiful looking distro that is easy to use 
and yet still offers everything you would want 


Arch Linux 


Lubuntu 

Being light without sacrificing anything is one 
of Lubuntu’s major pros. There are many more 
advantages though. 


Gentoo 

You can get the very latest packages and 
updates in one of the most customisable 
setups around. 


openSUSE 

It’s great for enterprise and it’s also great 
if you want to just do some work without 
any distractions. 
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Recovering GRUB 

Get the boot menu back if things go wrong 
or manage it with a different distro 


One of the issues you may find with 
installing one or two distros next to each 
other is that you might mess up GRUB, the 
boot manager used by Linux to actually 
boot into the distros and other operating systems. 
You may also want to manage it with your ‘default’ OS. 
Both of these can be fixed using our recovering GRUB 
guide below but unfortunately this won’t help you 
recover an operating system you’ve written over. 

01 Live boot 

Any of the distros we’ve been using 
will work for this - you can even technically 
do it from another installed Linux distro if 
you’re already inside it. When you boot into 
the live Linux, you may need to install the grub 
package. Ensure that you do it from the terminal 
before continuing. 

02 Mount the hard drive 

Some distros like Ubuntu, for example, 
will let you click and just auto-mount the internal 
hard drive from the live environment. However, 
you can also do this in the terminal. Mount the 
primary install partition to a logical spot using 
something like: 

$ mount /dev/sda1 /mnt/ 

03 Restore GRUB 

Assuming your primary partition is 
sda1, your installation hard drive is sda and 
you mounted it to mnt, you can now restore 
GRUB using the data from the partition that you 
just mounted with: 

$ grub-install --root-directory=/mnt /dev/sda 

04 Reboot 

After a reboot, GRUB should be back to normal 
and at the very least you can boot into your main distro. 
From there you may need to update GRUB further - to 
do this, open the terminal and perform the following 
two commands: 

$ update-grub 
$ sudo grub-install 
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Windows installation 

Microsoft’s operating system is a necessary evil to some, 
but here’s how to summon it safely from its dark pit 


If you’ve already got Windows installed, 
we suggest looking over the page to figure 
out the best way to prepare for installing 
other operating systems alongside it. 

Otherwise, installing Windows when Linux is already 
there is not quite as easy as its Linux counterparts. 
Windows would prefer to completely wipe the disc 
and set itself up as the ruler of your computer, but 
with some persuasion you can get it to play nice. 


01 Prepare to install 

Put the disc in and boot your PC. The first step 
in installing is to set the language as you normally 
would. Click install and then agree to the licence. After 
this, you’ll be asked how you want to install; click on 
the Custom install option to install from scratch. 


02 Storage 

Select the empty partition we created 
before in GParted as the place to install Windows to. 
It will recognise it as NTFS, with the Linux partition 
as unknown - it will also completely reformat this 
partition once again, so make sure there’s nothing 
on there. 


■ Feeling adventurous? Grab and burn the Windows 10 Technical Preview from bit.ly/1y8MoE2 


03 Wait a while 

Windows can take a while to install and will go 
through several phases, including rebooting once or 
twice during the process. Leave it alone and it will do 
its thing without any interruptions. Now is a great time 
to go and make yourself a cup of tea. 


04 Personalise your install 

On Windows 10 (or Windows 8.1, if you’re 
playing it safe), you’ll now need to make some 
basic settings for your data and the way that your 
system should work. Go through the wizard with 
your own choice of settings before entering in your 
account details. 


05 Access a Microsoft account 

You’ll need to log into or set up a Microsoft- 
based account in order to use the latest versions 
of Windows. If you already have one then you can 
enter it here and log in. Otherwise, you’ll need to 
link an email address to a new account. 


06 Final setup 

Wait a while and the wizard will grab your 
account settings and any other data you may have 
associated with a Windows 10 installation under 
your Microsoft account. After this, it will bring up 
the desktop and allow you to start using it. 
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


Shrink partitions 

The NTFS file system isn’t suited to editing 
its space use but there are ways around it 


Defragging 

Linux 

While ext3 and ext4 are much more efficient, 
they can still exhibit fragmentation. Shrinking 
of the partition might still corrupt files if 
parts of them are located towards the end of 
the disc, although it’s much more unlikely. If 
you’re shrinking right down to the line, you’re 
asking for trouble. Linux defragmenters 
are few and far between though (however 
defragfs is worth a try: sourceforge.net/ 
projects/defragfs), so one of the best 
methods is to temporarily move all of your 
personal files onto portable storage, while 
setting up the partitions and such, and be 
conservative. Again, it is worth mentioning that 
you should always back up important files when 
following these kinds of tutorials. 





If you’re starting with Windows already 
installed onto your system, then you’ll need 
to start making space so that you can install 
your other distros. This means shrinking the 
install partition on Windows, which almost 
always by default includes the partition that 
carries all of your files and documents and such 
- the contents of which used to be known as 
My Documents. 

Therefore, you may need to start moving files 
off your computer before shrinking partitions 
and re-organising your hard drive. As we’ve 
shown on the partitioning page, you should 
allow for more space on Windows anyway and 
you can even use its main partition as your 
general storage space rather than keeping 
it completely separate. 

Either way, you need to be careful when 
shrinking the partition - files usually become 
fragmented and split themselves up across 
the disc over the course of many writes and 
rewrites and moving around. In the days of XP 
this could become quite ridiculous, however 
since then Microsoft have implemented 
auto-defragmentation systems into Windows that 
generally keep it more tidy on a disc level. 


It’s not perfect though, and you may feel 
the need to perform a defrag before shrinking 
the partition. For this we recommend 
UltraDefrag (bit.ly/168iFAr), which is an open 
source defragging application. You can make 
it perform an active defrag that will remove 
files from the end of the partition - where we 
will be reclaiming space - and even perform a 
boot-time defrag so that system files can be 
moved as well. 

Once that is done, you can use GParted to start 
setting your disc up. Do not move the Windows 
partition though as it will completely ruin your 
installation. Instead, keep it where it is at the start 
and install everything around it. 



■ We recommend using UltraDefrag if you 
want to have a pass at defragmenting 



■ Windows has tools for this in Windows Vista and up - you can use tl 
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Editing GRUB 

The boot menu is automatically created by 
your distros, so it may need some tidying 


Modern GRUB, GRUB 2, is very smart. Merely 
installing it as part of most distros has it look to 
see what else is on your system and add it to the 
boot menu. If you’ve used the GRUB recovery 
pages in this guide, you’ll know that these can be 
updated at any timeto include new distros. 

There is a lot more you can do with GRUB 
though, from simply changing the default 
selection on the boot menu to customising the 
naming and placement of operating systems on 
it. After each update you can save the changes 
withsudo update-grub. 

(\A Default selection and time-out 

I On the boot screen the default selection 
will be the first distro in the list. This will 
automatically be selected when the timer hits 
zero. As a quick way of changing the default to 
better suit your needs, in a terminal use nano / 
etc/grub.d/00_header and then search for the 
followingtwo lines: 

GRUB_DEFAULT=0 

GRUB_TIME0UT=5 


02 Manual order change 

After every update-grub, the grub.cfg is 
updated, usually located in /boot/grub/grub.cfg. 
Open it up with nano and scroll down 
to see the default and time-out changes we 
made, as well as the individual boot scripts. You 
can manually move these around in the cfg and 
save it, but it will be overwritten every time you 
do an update-grub. 

03 Quick order change 

The order of boot menu placement 
depends on the number of the files located in 
the /etc/grub.d folder. The Linux you’re using will 
have a custom script titled 10_linux, whereas 
everything else will be discovered using the 
30_os-prober list. Changing the number on the two 
will move them around in the list, for example 
09_os-prober will occur before 10_linux. 

04 Best order change 

The most effective method of changing 
the order is to create custom scripts for your three 
distros and order them properly in the grub.d 
folder. Other distros will use a very similar script 
to the 10_linux file and you can find a template in 
40_custom. Windows is done slightly differently 
to boot into its chainloader. Once you’ve got these 
set up, you may need to do some maintenance on 
the scripts every few months, but it should keep 
your GRUB menus in perfect order. 
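
The renaming described in steps 03 and 04 can be previewed before touching the real folder. The script below is an added example, not code from the original guide: it models how update-grub picks up the scripts (sorted order, executable regular files only, names ending in "~" skipped) and tries the 30_os-prober rename on a constructed scratch copy of /etc/grub.d. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): preview the order in which
# update-grub runs the scripts in /etc/grub.d, without touching the real folder.

# Print the script names in run order. Simplified model of grub-mkconfig:
# files are taken in sorted (glob) order, and anything that is not an
# executable regular file, or whose name ends in "~", is skipped.
grub_script_order() {
    dir=${1:-/etc/grub.d}
    for f in "$dir"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        case $f in *~) continue ;; esac
        printf '%s\n' "${f##*/}"
    done
}

# Print the 1-based position of one script in that order (nothing if skipped).
grub_script_position() {
    grub_script_order "$1" | awk -v name="$2" '$0 == name { print NR }'
}

# Constructed scratch copy of a typical /etc/grub.d, used to try a rename safely.
make_scratch_grubd() {
    scratch=$(mktemp -d) || return 1
    for name in 00_header 10_linux 30_os-prober 40_custom; do
        printf '#!/bin/sh\n' > "$scratch/$name"
        chmod +x "$scratch/$name"
    done
    printf 'notes\n' > "$scratch/README"     # not executable, so never run
    printf '%s\n' "$scratch"
}

# Rename 30_os-prober to 09_os-prober in the scratch copy and report where the
# os-prober script lands relative to 10_linux.
preview_rename() {
    d=$(make_scratch_grubd) || return 1
    before=$(grub_script_position "$d" 30_os-prober)
    mv "$d/30_os-prober" "$d/09_os-prober"
    after=$(grub_script_position "$d" 09_os-prober)
    linux=$(grub_script_position "$d" 10_linux)
    rm -rf "$d"
    printf 'os-prober: %s -> %s, 10_linux now %s\n' "$before" "$after" "$linux"
}

preview_rename
```

Run grub_script_order with no argument to list the real /etc/grub.d; a script with its execute bit removed drops out of the list, which disables it without deleting it.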



UEFI 


When Windows 8 launched there was a lot of 
furore over UEFI and secure boot. For good 
reason though, as secure boot would not 
allow you to install other operating systems 
alongside Windows. As most PCs and laptops 
come with Windows as standard, this meant 
that it would cause major problems for Linux 
users. Luckily, distros began to adapt and 
implement software so that even though 
motherboards still had UEFI and secure boot, 
they would be able to boot without too much 
of a problem. 

These days there’s not a huge problem in 
installing Linux alongside Windows as most 
distros have a solution in place, and you 
can easily deactivate secure boot to get the 
installation underway. If you do come across 
any issues though, Google should help you 
out right away. 



Styling GRUB 

If you want to get really fancy, you can 
always theme GRUB 
GRUB isn’t, by default, the prettiest 
thing in the world, so if you’re going to be 
running with your triple boot setup for 
a while then you might want to give it a 
little polish. 

There are some great guides out there in the wild 
that walk you through the entire process, including 
how to set the option titles, the splash image, plus 
the colours of each element as well as the fonts. 
Explained in a little more detail just to the right, one 
great site to check out for this is dedoimedo.com. 



■ Adding custom backgrounds to GRUB2 is 
much simpler than you’d think 




■ You can also customise the menu options 
themselves with fonts and colours 




Resources 

If you need to know more about booting, 
GRUB and the distros, try these resources 

DistroWatch 

distrowatch.com 

Like the idea of triple booting your system but can’t quite figure out exactly what distros to use? 
DistroWatch compiles one of the most complete lists of Linux distributions on the Internet. It keeps tabs 
on the updates and release cycles of all the major distros, and also has archives of all the update news 
for each of the listed distros. Every one has its 
own categories and a little explanation so you can 
figure out if the distro is what you’re looking for 
before trying out a live disc. 

There is a ranking table of distros that seem 
to be popular on the site, which may help you 
discover new and excellent operating systems, 
and an upcoming release schedule so you 
can plan what distros to get ready to install 
in advance. 

UNetbootin 

unetbootin.sourceforge.net 

Who has DVDs lying around to burn images to these days? Well... we do! We have a load left that we 
might need in the future (you never know), but in general we still prefer to use a bootable USB stick to 
create our live media. Especially when not every 
computer has a disc drive any more. 

UNetbootin is the perfect piece of software to 
do this and it works across all platforms. It quickly 
writes ISOs to a bootable USB stick and also 
has the ability to download a preset selection of 
distros if you haven’t hunted down an ISO yet. It 
can also add a little bit of re-usable storage to 
Ubuntu-based distributions. Otherwise, you can 
simply navigate to the location of an ISO on your 
system and write the USB from there. 

Dedoimedo GRUB 2 tutorials bit.i y /i yo xski 

A full GRUB 2 reference site can be found at dedoimedo.com. It includes a much more in-depth 
discussion of how GRUB 2 works, how the config 
file is built and used, the different directories and 
more. There is also a lot more info on creating 
your own custom boot scripts for different 
distributions, a few more recovery tips and ways 
to customise the look of the boot menu. 

It is kept up to date with the latest GRUB 2 
changes, so even if you have a problem in the 
future and need some help, it should remain an 
excellent resource to go to. 
Total Privacy on Linux 

Protect your privacy and your 
personal information from 
advertisers, doxxers and anyone 
you may feel threatened by 
Your privacy is important. In this modern, 
always-connected world, finding out 
who you are and where you are is 
easier than ever. If it’s not advertisers 
supplying you adverts that are mildly intrusive 
and slightly creepy, it’s intrepid Internet 
detectives who’ve decided you have wronged them 
in some way. 


For some, it can be required for an innocent task 
such as looking for a birthday or Christmas present, 
while others are driven to mask their personal details 
by less positive events such as hiding from an abusive 
spouse or trying to whistleblow without having to fear 
any repercussions. 

Recently there’s been a trend of people speaking 
their mind about controversial topics who have found 
their personal information displayed on the Internet 
for all to see. It’s no joke - especially when you’re 
threatened publicly and feel like you need to leave 
your home. 

Over the next few pages, we’ll cover some of the 
basics of keeping your information safe, whether you 
need to do so every now and again or want to make it 
an ongoing effort. 
Long-term privacy 

Get yourself private and keep 
personal details private online for 
the long haul 


Real name 

Using your real name as little as possible can 
be good practice. Without your real name, 
would-be harassers would have very little to 
go on to start tracking you down. There are 
some websites that enforce real-name policies 
(Facebook being a well-known example), but by 
following our tips on privacy settings this should 
be less of a concern. Certainly for things like 
Twitter, you can easily avoid using a real name, 
along with anywhere else that just requires 



DuckDuckGo 




■ The DuckDuckGo search engine does not collect or share personal information 


The methods on the previous page are 
good for keeping your browsing habits 
at any particular time secret. Privacy is 
not just about not having any cookies or a 
known IP address or a lack of Internet history, though 
- it also applies to your own person. Your address, 
your phone number and even email address can 
be precious things that you don’t want any random 
person on the Internet to find out. While you can 
set up Tor to work permanently on your PC, it won’t 
necessarily keep those details private if you have 
them anywhere else online. 

This may sound fairly obvious, but there are a 
few ways people can slip up and have their location 
leaked to the world. One of the major culprits for this 
is social media, especially services such as Facebook 
and Twitter. 

PRIVACY SETTINGS 

Facebook is a big culprit here, with updates causing 
changes in privacy settings that you’d already 
turned off. Facebook keeps your email address on 
file and lets you include it on your profile - you can 
also add a phone number and full address if you so 
wish. The best solution here is to not include any 
of this on your profile at all, but if you need certain 
people to have access to it, you can easily create 
lists of friends on Facebook and have it set so only 
they can see the information. 


This applies to other social networks like 
Google+ as well. Tweak the privacy settings on your 
pictures, statuses and anything else you don’t want 
the entire world to see. 

For a quick way to go through your privacy settings, 
you can try out PrivacyFix here: http://privacyfix.com/start. 

LOCATION AWARE 

Facebook and Twitter both have location trackers you 
can use when sending tweets, messages or updating 
your status. Tweeting publicly that you are at home 
on Twitter with the location set to on is a good way for 
someone to track you down. 

Other things you should be wary about include 
tweeting pictures of your house or immediate 
surroundings - with readily available access to Google 
Street View and satellite imagery, it’s easier than ever 
to figure out where the picture was taken. 

PRIVATE WHOIS 

Due to laws governing website registration, you’re 
required to supply details for the owner of any web 
domain. This includes a phone number, address 
and email contact, all of which will be made public to 
anyone who knows which websites you’ve registered. 
Staying private on the Internet doesn’t mean that 
you don’t exist on it, and foregoing a web domain 
entirely is hardly a good solution. 
■ PrivacyFix covers a lot of social media accounts and is managed by AVG 


Most domain registrars now offer a service to 
make this private, either through themselves or a 
third party. The information still exists but it is only 
accessible through this service by people with a 
warrant, and not the general public. These services 
do cost money, though a few dollars or 
pounds a year can be more than worth the peace of 
mind it offers. 

OLD ACCOUNTS AND APPS 

We all have a digital footprint that’s years in the 
making, spanning who knows how many sites that 
you may have only used once. Luckily some of these 
may have out-of-date information anyway. Either 
way, it’s good practice to hunt them down and either 
delete them or replace any sensitive information 
with false information. Google searching your old 
usernames and names might help to track down 
some of the trickier ones to locate, and checking any 
email archives can help as well. 

For older forums or abandoned websites this 
can be near essential as they can be hacked more easily. 
Speaking of hacking, apps you’ve approved on 
Twitter and Facebook and any other social network 
retain their privileges long after you’ve stopped 
using them. Old Twitter clients and Facebook 
chat apps and quizzes may still be allowed to post 
on your behalf or have access to your personal 
information and they’re a common target for hackers 
for this reason. 

You should be making periodical checks of your 
approved apps to make sure any old ones haven’t 
slipped the net. You should also be wary of allowing 
some of them, especially the Facebook ones, access 
in the first place. 

SEARCH YOURSELF OUT 

There are various websites that compile data 
on people from whatever public information 
exists. Looking for yourself on these sites can be 
important as even the smallest bit given somewhere 
can be correlated back to you. Most of them will 
allow you to remove your details from their website 
with little hassle. 

For security tips regarding your privacy, you can 
also check out Jon Jones’ privacy breach survival 
guide (bit.ly/1wKAITo) for tips on how to secure your 
accounts, as well as a few more privacy tips. 


WHOIS watching? 

Making your WHOIS ICANN details private 
as we’ve suggested is a good step, but it’s 
unfortunately not perfect. There are sites 
that keep an archive of WHOIS records, 
supposedly for cybercrime detection and 
other related fields, but anyone with $1 and 
a PayPal account can get a seven-day free 
trial. They technically shouldn’t do this due to 
certain ToS, but unfortunately there seems to 
be no way of removing these old records. It’s 
an extra step beyond a quick WHOIS search 
though that not everyone is willing to do or 
even knows they can do. 



ICANN 
Private apps 

Applications you can use to 
communicate with others that 
will maintain your privacy 


Worst case scenario 

Doxxing is when someone’s private information 
is leaked onto the internet in a malicious 
attempt to scare that person. It’s not a nice 
thing to have done to you, and it can be hard to 
get the information removed if it’s put up in the 
right place. 

The first thing you need to do is to check what 
information has been released. Some doxxes 
end up using old information, meaning your 
phone is safe. However, people living at an old 
address may be mistakenly targeted so you 
should make sure to inform them. Whether it’s 
old or real information, if it’s posted on a third-party 
website such as Pastebin or Twitter you 
should immediately report it to be taken down. 

It’s worth contacting the police to see what 
they advise you to do in your specific situation, 
although they may not be able to help much 
unless you start to get calls harassing you or 
begin to suspect that someone is watching your 
house. Remember to stay as safe as possible, 
and start to hunt down any place that may have 
resulted in the information being leaked so you 
can plug it for the future. 





■ Not only does CryptoCat encrypt your messages, it doesn’t read any of them either 


Instant messaging 

CryptoCat is a secure instant messaging 
service that works on multiple browsers 
and smartphones to let you chat with 
people over an encrypted service. Like 
a lot of instant messaging clients, you need to make 
sure the people you want to talk to have the client 
themselves, but due to the low barrier of entry it's not 
much of a hassle. 

In an article published by ProPublica 
(bit.ly/IwuGegS), CryptoCat and a few other instant 
messaging clients scored perfectly on its test. 
This includes messages being encrypted before 
transmission, verification of recipients, open source 
code and security for past conversations or chat logs 
if something goes wrong. There are a couple of other 
instant messaging clients that scored the top score, 
so if CryptoCat isn’t for you then there are other open 
source offerings that will do the trick. SilentText, 
TextSecure and Signal/RedPhone are just three examples 
which have all had the same score as CryptoCat in the 
ProPublica test. 


Email 

Two of the most popular email clients, 
Thunderbird and Claws Mail, both 
support PGP encryption on emails. PGP 
encryption means that only people who 
are the intended recipients of the email will be able to 
read them by supplying a special key. 

Claws Mail supports it by default, but you’ll need 
to install Enigmail for Thunderbird (and Seamonkey) 
to set up PGP support. This lets you send and receive 
emails with PGP, and as it’s open source it’s known 
to be secure by the community and security vetters. 
Find out how to use Thunderbird and PGP on page 26. 



■ Enigmail is a Thunderbird extension 




“PGP encryption is used in Tails to 
make sure emails are private” 
Privacy in a hurry 

Need to quickly and briefly go 
anonymous online? Grab the 
Tails distro for instant privacy 



Tails is the now-legendary Linux 
distro that acts to keep your identity, 
location and activity secret and private. 

Its entire setup helps you make sure 
that you can perform whatever task you need to do 
and leave no trace of your activities on the computer 
you did them on, and to have any browsing you 
performed completely obfuscated by bouncing it 
around the Tor network. 

To get it, you first need to download the ISO for the 
distro from https://tails.boum.org. 

The ISO can be burned to a disc using something 
like Brasero, or better yet to a USB stick using 
UNetbootin. Both of these should be available in 
your package manager under those names, though 
if you have trouble finding them then they’re easy to 
find online. 

Tails does not install to your system - instead, 
it works by booting live every time. It lives purely 


in the RAM so that nothing will get saved to the 
hard drive. When you perform a shutdown, it 
will completely rewrite the RAM to erase itself 
completely from your system. 

To boot into it, restart the computer with the CD 
or USB stick plugged in and look out for the boot 
menu prompt (usually something like F10). Select 
the CD drive or USB storage to boot from and it will 
go straight into Tails. From here you can choose the 
basic options and you will now be able to browse 
straight away in total anonymity. However, there 
are some other customisations as well such as a 
Windows camouflage mode that looks no different 
to prying eyes than Windows. 

You can write documents, edit images and 
generally do all the stuff you’d usually want to on 
a distro, and then send them securely via PGP 
encrypted emails or other secure online services if 
need be. 



Private browsing 

Incognito mode only keeps you 
anonymous on your own PC 

Booting into Tails can be a bit of a hassle 
if you only need to be fully private every 
now and then. Tor is readily available to 
anyone though without going through a 
specialised distro, and there’s a handy Tor browser for 
your private browsing. 

It’s based on Firefox and uses the same technology 
as the Tor button that used to be available for Mozilla’s 
browser. Due to the rapid development of the browser, 
the Tor team decided instead to create their own spin 
of the browser. This means they have full control over 
how it works, guaranteeing that users stay safe and 
private while using it. 

You can get the browser from the Tor website 
(http://bit.ly/1jdsLFC) and it runs directly from 
the files in Linux without any need for a proper 
installation. Just make sure that you put the 
run command for it in a place that is easily accessible. 
It’s basically the same browser that’s in Tails already, 
so it has a secure search engine and all your traffic is 
routed through Tor, which makes it untraceable. It’s 
best to not use this as your main browser, due to its 
limited functionality outside of privacy, although it 
entirely depends on how you plan to use it. 

■ The Tor Browser has all of Firefox’s functions; 
some are limited for privacy reasons 
Troubleshoot & Repair Linux Networks 

No network connection on your laptop or problems 
with your Web hosting? We’re here to help 

“The Network is the computer,” is the 
famous, prescient quote made by Sun 
Microsystems’ chief scientist and 
employee number five, John Gage, in 
1984. The growth of the web, mobile and cloud 
computing have borne out that phrase, and a 
computer without a network connection is 
just an expensive paperweight. 

Fortunately networking is central to 
Linux, with the Internet, and the Web, 
having been built on UNIX. Most 
distros have the built-in tools that 
will tell you what’s going on, or at 
least start you on your way in investigating your 
network problem. More sophisticated tools can 
be found in your distro’s repository and, as nearly 
all of them are command line based, will work just 
as well on your VPS as your laptop. 

Linux puts the power in your hands - you just 
need to know where to look. Over the next few 
pages we’ll take you through the basics of the 
GNU/Linux networking stack, and what can go 
wrong with it (and the rest of the Internet). We’ll 
look at tools and config files to help you and finish 
with help for using four of the most useful tools: 
netcat, dig, traceroute and Wireshark. 
Network essentials 

The first step to troubleshooting your Linux 
network is to fully understand how it works 


Where is the network down? Don’t neglect 
hardware problems - after basic checks 
it’s worth looking for pulled cables 
or fault lights on your Wi-Fi router - but 
even following the route your IP packets take, there 
are lots of places for problems to occur. Some 
problems are easy to check, while some are more likely 
than others - let this guide you in the order you tackle 
your search. 

First some background information. You don't need 
to pass an RHCE (Red Hat Certified Engineer) or LPI 
(Linux Professional Institute) exam, you just need an 
appreciation of TCP/IP networking. Feel free to skip 
through this page lightly, and refer back after reading 
the more practical parts of the article. 

TCP 

TCP/IP - Transmission Control Protocol/Internet 
Protocol - is a set of rules for computers to 
communicate with each other. TCP sits on top of IP, 
demanding confirmation for each data packet sent - 
a lot of overhead compared to UDP (User Datagram 
Protocol) where no checks are made, but it means 



there is a lot of useful information available to tools 
that diagnose TCP/IP problems. 

30 years ago, when TCP/IP standards were 
developed, the computing world was a different 
place and TCP/IP's independence from the hardware 
and transmission medium, and open standards and 
common addressing scheme, have helped give us the 
networked world we have today. 

IP, the Internet layer, defines the datagram - the 
basic unit of transmission in the Internet, consisting of 
a header and a block of data. The header contains all 
the information needed to deliver it - routing from the 
originating equipment to the destination - in five or six 
32-bit words. 

The header contains the destination address for the 
data. If it’s not on the local network, it will be passed 
to a gateway (or IP router) and continue until it reaches 
its destination, its journey being determined by routing 
protocols. The address in IP version 4 (IPv4) is a dotted 
quad, a 32-bit binary number normally expressed 
in the form n.n.n.n, where n is anywhere between 
zero and 255. Certain numbers are reserved, such 
as 127.0.0.1 for local host, a way for any computer to 
refer to “myself”, and private addresses used for local 
networks, such as 192.168.n.n. 

When even your toaster wants to connect to 
the Internet, the 4.3 billion addresses provided 
by IPv4 aren't enough. IPv6 (version 5 never got 
going) defining 128-bit addresses, attempts to 
fix this. Formalised in 1998, IPv6 still carries 
under 10 per cent of the world’s Internet 
traffic. We will refer to IPv4 as IP from now on. 

In 192.168.0.0 networks, for example, a 
subnet mask tells other computers (hosts) 
and routers which part of the address is for 
the subnet (eg 192.168.0) and which is for 
the host. Our ADSL router has given our 
laptop the IP address of 192.168.0.2, so 
the host portion is two. The subnet mask 
is 255.255.255.0, which tells routing devices what parts 
of the IP address to treat as what. 

■ Know your onions: compare the OSI seven-layer 
model with the four-layer TCP/IP model 

TCP establishes a virtual connection between 
a destination and a source, ensuring packets are 
reassembled in order and re-sending any that get lost. 
It specifies a port at each end - numbered between 
0 and 65535 to indicate the service or application. 
There’s a long list in /etc/services on your machine but 
well-known ones include 25 for sending mail and 80 
for the web. The combination of IP address and port is 
known as a socket. 

Below the level of IP, your physical network hardware 
(wireless or ethernet card) uses a MAC (Media Access 
Control) address - six colon-separated numbers. 
The protocols that deal with this are ARP 
(Address Resolution Protocol), which translates IP 
addresses to MAC addresses, and its reverse, RARP, 
which handles translation the other way. 

Hostnames like wikipedia.org are used to save you 
putting 91.198.174.192 into Firefox. The Domain Name 
System (DNS) uses DNS servers on the Internet to 
store these names, and hiccoughs in contacting DNS 
servers account for many networking problems. 
Diagnosing issues 

Finding the root problem can be tricky, but 
there are a number of places you can look first 



■ Can’t connect to Wi-Fi? The iwlist tool shows you 
everything your wireless network interface can see 

■ Nslookup gives you the domain’s IP address, and 
where it looked for it. Simple, but effective 

■ A text-based interface and a scriptable version 
are available for Wicd, but the GUI frontend is fine 

What’s not working - connecting to one 
website or all of them? If it’s just one then 
it may still be a problem at your end, but if 
it’s everything, let's find out where the 
problem lies. 

First your network connection - most 
desktop distros ship with NetworkManager 
to manage connections. From the command 
line, typing nm-tool will report what it knows 
of your network - look for ‘State: connected’. 
If you don’t have nm-tool, use ifconfig to see 
which interfaces are recognised and ethtool for 
connection status information, or use iwconfig 
for wireless connections. 

While ethtool will show you’re physically connected 
to the network (Link detected: yes) and iwconfig that 
you are connected to a wireless router, ifconfig will give 
you your IP address and netmask, telling you that this 
much of your networking is successfully configured. 

Running route will show the routing table, which 
includes the default gateway to the rest of the Internet. 
If there’s no default gateway shown for addresses 
outside the local subnet, you will need to fix this. Route 
can be used to add routes but you need to address the 
cause of the problem. 

Your servers will have fixed IP addresses, which can 
be edited to correct gateway and other network details. 
Laptops tend to be configured automatically by a 
DHCP (Dynamic Host Configuration Protocol) daemon, 
often running on an ADSL router, where settings can be 
changed for the problem machine if necessary. 

Having corrected settings, a network restart: 

| sudo service networking restart 

...will pick up the revised settings on Debian-based 
PCs - leave out the gerund (the -ing) for Red Hat boxes. 
Run route again to check for the appearance of the 
default gateway. 

■ www.downforeveryoneorjustme.com is a very 
handy diagnostic tool, simple as it sounds 

Ping uses another part of the TCP/IP protocol stack, 
ICMP, to send an ECHO_REQUEST datagram, and 
the ICMP ECHO_RESPONSE produced by the host or 
gateway pinged is used to calculate a time for the trip. 
Ping tells you if a machine is up, what latency there 
is in the network and how many packets are lost, all 
indicative of something unless the server has been set 
to drop ICMP requests by an overzealous sysadmin, 
something of negligible security use in most cases. 

Use ping to check that you have a route to hosts on 
the Internet. Start by pinging your gateway: 

| ping 192.168.0.1 

...then ping a reliable host like 8.8.8.8, one of Google’s 
public-facing DNS servers (the other is 8.8.4.4). We’ve 
been using IP addresses and -n switches to avoid DNS 
problems distracting us from other network faults, but 
now’s the time to check DNS functionality. Nslookup is 
less sophisticated than dig (part of dig’s output can 
be seen above), but is fine for checking that a domain 
name resolves to an IP address. If you don’t get an 
answer, have a look in /etc/resolv.conf. 

If you’ve ruled DNS out, try some of the tools overleaf 
- traceroute to see if you can route all the way there, 
telnet and friends to see if a particular port is open, 
dig for more DNS and Wireshark for investigating 
unresponsive or slow services. 

If it is your web server that’s the problem, then ssh in 
and run: 

| netstat -lnp | grep -i apache 

...(replacing apache with nginx, httpd or whatever is 
appropriate) to see if your web server is listening to all 
addresses on port 80. You could grep 80 if that’s the 
only port which you’re concerned with, but check what 
else Apache is up and listening on. 
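
The checks above, in the same order, as an added example that is not part of the original article: it reads the default gateway from route -n output, then tests the gateway, 8.8.8.8 and name resolution, and names the first layer that fails. The function names and the constructed sample routing table are assumptions, and getent hosts stands in for nslookup because its exit status reliably reports a failed lookup.

```shell
#!/bin/sh
# Added example (not from the original article): work outwards from the
# routing table and report the first layer that fails.

# Constructed sample of `route -n` output for a laptop behind an ADSL router.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0'

# Read `route -n` output on stdin and print the default gateway, if any.
default_gw() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# Probe commands are kept in variables so they can be replaced or stubbed.
# Assumptions: iputils ping options; getent hosts stands in for nslookup.
: "${PROBE_PING:=ping -n -c 1 -W 2}"
: "${PROBE_DNS:=getent hosts}"

# triage ROUTE_OUTPUT [HOSTNAME]: print "ok" or the first failing layer.
triage() {
    gw=$(printf '%s\n' "$1" | default_gw)
    if [ -z "$gw" ]; then
        echo "no-default-gateway"        # fix DHCP or static config, restart networking
        return 1
    fi
    if ! $PROBE_PING "$gw" >/dev/null 2>&1; then
        echo "gateway-unreachable $gw"   # local link, Wi-Fi or router problem
        return 1
    fi
    if ! $PROBE_PING 8.8.8.8 >/dev/null 2>&1; then
        echo "internet-unreachable"      # upstream of the router, or ICMP is dropped
        return 1
    fi
    if ! $PROBE_DNS "${2:-wikipedia.org}" >/dev/null 2>&1; then
        echo "dns-failing"               # look at /etc/resolv.conf next
        return 1
    fi
    echo "ok"
}

# Offline demonstration on the constructed sample; on a live machine run:
#   triage "$(route -n)" wikipedia.org
printf 'default gateway in sample: %s\n' "$(printf '%s\n' "$SAMPLE_ROUTES" | default_gw)"
```

A host that drops ICMP will show up as unreachable here even when it is up, so treat a failed ping as a pointer rather than proof.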
Configuration files 

Diving into the config files with your favourite text 
editor is a great way to quickly solve problems 


Is it plugged in? 

You may not believe it, but really, these things do 
happen. It’s not the first thing to check - ifconfig and 
ping will both show that you have a working ethernet 
connection, or that the Wi-Fi router is up. However, 
if tests show no connection, that’s when you look 
for loose cables (is the NIC showing a green light?), 
unplugged routers and any other physical causes. 

Don’t forget that many laptops have little buttons to 
switch off the Wi-Fi card (or F-key shortcuts) that can 
be accidentally pressed. However: 


...will (usually) show whether or not this is the case. If 
it’s hard-blocked then hit the switch; if soft-blocked 
then rfkill unblock all will usually get your connection 
up again. 

As we said, these things happen, so if it happens 


Everything is a file, even connected 
devices - that’s the Linux way. In the 
Eighties many Unix systems kept binary 
configurations, but inspired by the Plan9 
operating system, Linux put most configuration 
information in text files. Knowing where they are 
and what to do with them means your text editor 
also becomes a powerful tool in checking, fixing and 
maintaining your network. 

This starts at the hardware level - physical 
interfaces are found under /dev, and /proc exposes 
the configuration of installed PCI buses and devices 
to be read by lshw when you call: 

| lshw -C network 

...to check the logical name entry to use with tools like 
ethtool and ifconfig. 

It’s not always simple though. When swapping 
between Red Hat and Debian/Ubuntu based 
machines, the ethernet interface on our Ubuntu 
machine was configured in the file 
/etc/network/interfaces, while the Fedora 20 laptop’s NIC was 
/etc/sysconfig/network-scripts/ifcfg-em1, sharing a 
directory with ifcfg-*** files for every wireless hub to 
which we had ever connected it. 

Linux’s everything-is-a-file approach also means 
that if you have issues with hardware, they can 
often be solved with a text editor. For example, if the 
kernel isn’t loading the module for your NIC then 
/etc/modules, or a similarly named file on your distro, 
is the place to add not just modules to load but also 
aliases to the device's name, if that’s what is causing 
the error: 

| alias eth0 b44 

Where Am I? 

If you are familiar with whoami, which tells you which 
user you’re currently logged in as - handy if you su 
or ssh a lot and risk losing track - you may expect 
whereami to tell you the name of the machine you’re 
logged into. Not so; to do that you type hostname, 
which reads /etc/hostname. 

Whereami is a set of useful scripts for detecting 
which network you’ve got your laptop plugged into and 
configuring it accordingly. Particularly handy for those 
who run lightweight window managers and distros 
without all the bells and whistles to quickly click on 
a choice of available Wi-Fi networks, it also lets you 
tweak known networks with scripts as well as adapt 
to new connections with minimal intervention. 

Running this may help you avoid some connection 
hassles in the first place, and it’s more flexible 

DNS again 

DNS is accessed by the resolver routines - read the 
config file /etc/resolv.conf to know where to search. 
Look at the file on your laptop and you may see 
something like: 

| As an example your cat /etc/resolv.conf may 
| # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) 
| # DO NOT EDIT THIS FILE BY HAND — YOUR CHANGES WILL BE OVERWRITTEN 
| nameserver 127.0.1.1 
| search Home 

The 127.0.1.1 (rather than 127.0.0.1) is a pointer to a 
PC running dnsmasq that is a lightweight forwarding 
DNS server under the control of NetworkManager. In 
distros without this, dhclient will grab the address of 
the DNS server from the DHCP server. 

It is best to use /etc/resolvconf/resolv.conf.d/base 
to place an entry like the following: 

| nameserver 8.8.8.8 
| nameserver 8.8.4.4 

...for automatically writing to /etc/resolv.conf. 


Then running resolvconf -u (as root or with sudo) 
will update resolvconf. 

A closer look at /etc/resolv.conf shows it to be 
a symlink to /run/resolvconf/resolv.conf, which is 
where dnsmasq writes it. To temporarily remove 
dnsmasq, try commenting out its entry in 
/etc/NetworkManager/NetworkManager.conf. 

DNS servers are queried in the order they appear 
in your /etc/resolv.conf file - put the one you want 
to try out first and/or comment out the remainder 
by placing a # at the beginning of its line so that the 
resolvconf ignores it. 
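The points above (server order, the 127.0.1.1 local stub, and the symlink that marks a generated file) can be checked in one pass. This is an added example, not code from the article; the function names and the sample file are constructed, and the limit of three nameserver lines is glibc's documented MAXNS rather than something the article states.

```shell
#!/bin/sh
# Added example (not from the original article): audit a resolv.conf-style file.

# List active nameserver addresses in the order the resolver tries them.
# Commented-out lines ("# nameserver ..." or "#nameserver ...") are skipped.
active_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Print one line per nameserver: position, address and a note.
# Returns 1 if something needs attention, 0 otherwise.
audit_resolv_conf() {
    file=$1
    n=0
    status=0
    for ns in $(active_nameservers "$file"); do
        n=$((n + 1))
        case $ns in
            127.*|::1) note="local stub resolver (such as dnsmasq)" ;;
            *)         note="queried directly" ;;
        esac
        if [ "$n" -gt 3 ]; then
            # glibc reads at most MAXNS (3) nameserver lines.
            note="IGNORED by glibc (only the first 3 are used)"
            status=1
        fi
        printf '%d %s %s\n' "$n" "$ns" "$note"
    done
    if [ "$n" -eq 0 ]; then
        echo "no active nameserver lines"
        status=1
    fi
    # A symlink means another program owns the file and will overwrite edits.
    if [ -L "$file" ]; then
        printf 'symlink -> %s\n' "$(readlink "$file")"
    fi
    return "$status"
}

# Constructed sample: the article's file plus extra servers, one commented out.
write_sample() {
    cat > "$1" <<'EOF'
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
nameserver 127.0.1.1
#nameserver 192.0.2.53
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 192.0.2.1
search Home
EOF
}

sample="${TMPDIR:-/tmp}/resolv.conf.sample.$$"
write_sample "$sample"
if audit_resolv_conf "$sample"; then
    echo "resolver config looks consistent"
else
    echo "resolver config needs attention"
fi
rm -f "$sample"
```

Run it against the real file with `audit_resolv_conf /etc/resolv.conf`; a fourth server that you expected to act as a fallback shows up as ignored.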

Opennicproject.org and http://freedns.zone 
offer DNS with no redirects and no logging, which 
is essential if you live in a place where what you do 
online is monitored or restricted. 

Rounding off config files by returning to IPv6, it can 
be removed systemwide by editing 
/etc/modprobe.d/aliases to add: 

| alias net-pf-10 ipv6 off 
| alias net-pf-10 off 
| alias ipv6 off 

...and rebooting. If you rule it out as a problem, 
remember to put it back again: 

| alias net-pf-10 ipv6 

Fix network problems 

Using these four apps will help you pin 
down and fix a number of networking issues 


(Telnet to) Netcat 


Netcat does everything that the humble telnet does 
plus much more, but you may find yourself on a box 
without netcat, so we’ll start with an example from 
old-school telnet. 



Humble telnet 

If you started using computers after the 
Nineties, when telnet was replaced by SSH in 
a suddenly far less secure world, you may have 
dismissed it as a relic from the past. But telnet lives 
on as a useful diagnostic tool available from any 
distro, connecting to specific ports to see what’s open 
and working. 



Enter netcat 

If you can install netcat (nc) then you won’t 
fall back on telnet much, as it combines the simple 
testing abilities of telnet with abilities to do almost 
anything with TCP, UDP or Unix-domain sockets: 
open TCP connections, send UDP packets, listen on 
arbitrary TCP and UDP ports and port scan. 


Port scan 

While it’s not good manners to check every 
port on someone’s machine to see what’s left open 
(a portscan), it’s useful on your own machines both 
for security (‘that shouldn’t be open’) and diagnostics 
(‘that should have been open and listening’). Try 
running something like nc -vnzu 192.168.0.1 1-65535 
to do this. 
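The two uses named above (‘that shouldn’t be open’ and ‘that should have been open and listening’) amount to comparing a scan of your own host against a list of ports you expect. This is an added example, not code from the article: the function names, the baseline file and the sample scan lines are constructed, and the two nc output formats it parses are assumptions to check against your own nc. It reads TCP results (no -u), since nc cannot reliably tell an open UDP port from a filtered one.

```shell
#!/bin/sh
# Added example (not from the original article): compare the ports a scan of
# your own host found open against the list you expect to be open.

# Extract open port numbers from `nc -vz` output on stdin.
# Assumed output formats (check your nc's wording):
#   OpenBSD nc:   Connection to 192.168.0.1 22 port [tcp/*] succeeded!
#   traditional:  (UNKNOWN) [192.168.0.1] 22 (?) open
open_ports_from_nc() {
    awk '
        $1 == "Connection" && $NF == "succeeded!" { print $4 }
        $NF == "open" && $3 ~ /^[0-9]+$/          { print $3 }
    ' | sort -un
}

# Compare observed open ports (stdin, one per line) with a baseline file
# ($1, one expected port per line; any other line is ignored).
compare_ports() {
    awk -v baseline="$1" '
        BEGIN {
            while ((getline p < baseline) > 0)
                if (p ~ /^[0-9]+$/) want[p] = 1
        }
        /^[0-9]+$/ { seen[$0] = 1 }
        END {
            for (p in seen) if (!(p in want)) print "UNEXPECTED-OPEN", p
            for (p in want) if (!(p in seen)) print "EXPECTED-CLOSED", p
        }
    ' | sort -k2,2n
}

# Read raw nc output on stdin; print any drift and return 1 if there is some.
check_baseline() {
    drift=$(open_ports_from_nc | compare_ports "$1")
    if [ -n "$drift" ]; then
        printf '%s\n' "$drift"
        return 1
    fi
    echo "OK: open ports match baseline"
}

# Constructed scan output, mixing both assumed formats for illustration.
sample_scan() {
    cat <<'EOF'
Connection to 192.168.0.1 22 port [tcp/*] succeeded!
nc: connect to 192.168.0.1 port 80 (tcp) failed: Connection refused
Connection to 192.168.0.1 5432 port [tcp/*] succeeded!
(UNKNOWN) [192.168.0.1] 8080 (?) open
EOF
}

# Constructed baseline: this host should listen on 22 and 80 only.
baseline="${TMPDIR:-/tmp}/expected-ports.$$"
printf '# expected listeners (constructed)\n22\n80\n' > "$baseline"
if sample_scan | check_baseline "$baseline"; then
    echo "nothing to do"
else
    echo "review the ports listed above"
fi
rm -f "$baseline"
# On your own machine (nc -v writes to stderr, hence 2>&1):
#   nc -vnz 192.168.0.1 1-1024 2>&1 | check_baseline expected-ports.txt
```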



Pass the port 

One useful nc trick is to quickly set up an 
impromptu server listening on a particular port, to 
check there is nothing impeding a connection on that 
port between you and the server. In the image above, 
we set nc as a one-off web server and read info on the 
host that connects to it. 


Traceroute 


You might not think about how the Internet works 
while you’re using it, but traceroute lifts the lid on 
where your packets are travelling - showing the 
time packets take to reach each gateway machine 
between your machine and the server. 


Follow the hops 

Traceroute tests each hop between you 
and the destination host. Although not always 
conclusive, output shows where problems may be 
occurring. While the screenshot shows the default 
number of hops and packet size, you can change 
that with: 


traceroute -m 255 wikipedia.org 7 


Journey times 

Those times displayed in ms are the 
round trip times to each host for three packets 
sent. Adjust the number of packets with -q - for 
example, -q1 sends just a single packet. A longer 
time from the UK could be a channel hop. 

A set of asterisks is an unreachable host, 
but mtr provides a continuous traceroute to help 
to detect intermittent problems. You may only be 
able to fix problems found in your own networks, 
but knowing where the problem lies could help to 
generate a route-around fix. 

Blocked ICMP 

As we mentioned with ping, some systems 
administrators block ICMP, so standard traceroute 
won’t work. Tcptraceroute provides a traceroute 
through TCP instead of ICMP. 

Dig 

We’ve used the -n option a lot in this tutorial, as DNS issues can 
easily cloud other problems. Once you’ve cleared up suspected DNS 
problems on your machine with the resolver, it’s time to reach out 
through the hierarchical world of DNS servers to check everything is 
as it should be. Nslookup and host perform simple searches, but dig is 
the most flexible tool available. 

Address search 

Nslookup may be sufficient for resolving an address or 
checking that you can, but for useful information about DNS servers 
and their recursive connections across the Internet, fire up dig, 
whose flexibility means that it repays a little time spent getting to 
know some of its options. 



Names are served 

By default, dig returns A records, but it can be used 
to check other record types such as MX (mail servers). In the 
screenshot above we have used NS to find the nameservers for 
a named domain. 


Hierarchical 

DNS is hierarchical, with the TLD (top level domain), 
such as .com or .org.uk queried first, then the name part. With 
searches taking place recursively there’s plenty of room for errors 
- or even malicious attacks. “Dig +trace” shows you the successive 
hierarchical steps taken by your query. 



+short option 

Hierarchical searches output a lot of information that 
you probably don’t need - even from a standard DNS lookup 
you may only want the IP address. The +short option gives 
you just such an abbreviated output, which is also very useful 
in scripting searches. 


Wireshark 

Like tcpdump, Wireshark can dump packets from the network, but it also performs interactive 
analysis - slightly over the top for minor networking problems, but handy for locating 
bottlenecks in the system. In most distros Wireshark will be the GUI (Gtk) version, with the 
console version packaged as tshark. Try them both so you can adapt to whichever is best when 


There are no interfaces on which a capture can be done. 


ispite the baffling number of optic 
g interfaces from the Capture mem 


Portable troubleshooting 

As Wireshark is useful for detecting many problems with packet loss or latency, 
and won’t be installed everywhere you go, you can avoid the dance around superuser 
permissions by carrying it around on a USB live distro. 


Filter cut 

Looking at the raw data is overwhelming and even the choice of filters is large, but 
you can right-click a suspicious entry and use that as the basis for a filter, or do the same 
from the filter hierarchy. Simplest case, you’re looking for a particular protocol - say DNS, or 
perhaps something encrypted via TLS - so you just put that in the filter toolbar. 

Command line shark 

On your VPS, or other non-GUI box, tshark is functionally equivalent to Wireshark. 
It’s worth installing after Wireshark and then getting familiar with, so you are prepared if you 


BECOME A CERTIFIED SYSADMIN 

+ 27 Skills to master for a perfect exam score 

We speak to Jim Zemlin and certification 
experts at The Linux Foundation to find out 
more about its acclaimed SysAdmin exam 
- and how you can pass it with flying colours 

Linux continues to grow as industry 
after industry demands faster, more 
complex technologies to support 
them. Linux adapts faster than any other 
operating system because it is open source, built by 
a global community of thousands of developers and 
companies. From mobile and embedded devices to 
cloud computing, supercomputers and consumer 
electronics, Linux is the fastest-growing platform in 
the world. 

So it should be no surprise that we need more 
qualified systems administrators and engineers 
who can support Linux-based systems and 
enterprises. In fact, our need as an industry is 
desperate and the Linux Jobs Report underscores 
this need year after year, reporting that nine out 
of ten managers are hiring Linux talent every year 
but that most are having a difficult time finding 
qualified pros. In the latest Linux Jobs Report 
(bit.ly/12yeyfq), 86 percent of Linux pros said 
that knowing Linux has given them more career 
opportunities. 64 percent said they chose to work on 
Linux because of its pervasiveness in modern-day 
technology infrastructure. 

To address this industry shortfall in the number 
of qualified Linux professionals that are available 


to hire, this year The Linux Foundation launched a 
new accreditation scheme that formalises the Linux 
SysAdmin and Linux Engineer roles and provides 
a standard by which potential employees can be 
measured. Consisting of two qualifications - Linux 
Foundation Certified SysAdmin (LFCS) and Linux 
Foundation Certified Engineer (LFCE) - the program 
centres around an online examination for each that 
requires candidates to demonstrate their knowledge 
and skills in a practical manner that is more relevant 
to the realities of the jobs in question. 

The $300 exams are performance-based, testing 
candidates’ proficiency with the command line 
through a browser-based terminal emulator. Being 
browser-based, these exams can be taken on any 
computer and at any time - a key advantage of the 
accreditation scheme - and are moderated in real 
time by means of a webcam connection between the 
candidate and an exam invigilator, with a two-hour 
time limit for the exam. Furthermore, the exams are 
distro-agnostic - candidates can choose to sit the 
exam in Ubuntu, openSUSE or CentOS. 

Upon completion of the exam, successful 
candidates are awarded a digital badge - one of the 
two shields seen in the System Administrator and 
Engineer boxouts below - which can be displayed on 




System Administrator 

What exactly does a Linux Foundation 
Certified SysAdmin do? 

A Linux Foundation Certified System Administrator 
(LFCS) has the skills to do basic to intermediate 
system administration from the command line for 
systems running Linux. Linux Foundation Certified 
System Administrators are knowledgeable in the 
operational support of Linux systems and services. They 
are responsible for first line troubleshooting and 
analysis, and decide when to escalate issues to 
engineering teams. 

Engineer 

How is a Linux Engineer different from a 
System Administrator? 

A Linux Foundation Certified Engineer (LFCE) possesses 
a wider range and greater depth of skills than the Linux 
Foundation Certified System Administrator (LFCS). 
Linux Foundation Certified Engineers are responsible for 
the design and implementation of system architecture. 
They provide an escalation path and serve as Subject 
Matter Experts (SMEs) for the next generation of system 
administration professionals. 

Letter from The 
Linux Foundation 


The demand for Linux talent is 
real and growing. Linux is now 
prevalent in highly significant 
areas such as the cloud, servers, 
mobile and the Internet of Things, 
in addition to sometimes less 
visible but extremely pervasive areas including 
embedded devices, supercomputers and the 
automotive industry. 

As demonstrated by the annual Linux Jobs 
Report from The Linux Foundation and Dice.com, 
77% of hiring managers had ‘finding Linux talent’ 
on their list of priorities in 2014, up from 70% a year 
earlier, and 46% are beefing up plans for recruiting 
Linux talent, up from 43% in 2013. However, 
many organisations in the Linux community have 
reported difficulty in not only finding qualified 
candidates, but finding enough professionals 
looking for these positions to begin with. 

This is why in August 2014, after two years of 
research and consultation, The Linux Foundation 
launched its first ever certification exams for 
SysAdmins and Engineers. These exams are 
distribution-neutral and available to take at any 
time, from anywhere with a webcam and Internet 
connection, providing access to many people 
around the world who could not previously 
receive a certification simply due to geographic 
constraints. Coupled with the Foundation’s 
existing training efforts, including the wildly 
popular and free Introduction to Linux course on 
edX, the certification program strives to increase 
the available pool of Linux talent and provide 
hiring managers with a clear way to determine if a 
candidate is qualified for a given position. 

In just a few months, several thousand people 
have taken or registered for a Linux Foundation 
certification exam. This has also prompted many 
professionals to brush up on their SysAdmin 
skills by registering for the Foundation’s LFS220, 
a Linux System Administration course, which 
is now bundled with a SysAdmin certification 
exam at the end. And to help enable even 
more professionals to take advantage of the 
opportunity to become certified, in January 
2015 The Linux Foundation will launch a self- 
paced preparatory course for the SysAdmin 
certification exam, offering the same content at 
a lower price and more convenient format. 

There is still more work to be done, but 
training new Linux professionals and certifying 
them to demonstrate their talent and abilities to 
employers is one step in meeting the needs of an 
expanding and diversifying community. Judging 
by the growing interest and involvement in Linux, 
the future looks bright indeed. 


- Clyde Seepersad 

General Manager of Training & Certification 

Job hunting and 
CV writing tips 


Training is just the first step - the next 
one is to find your first job 

Once you’ve got the training, how can you start 
looking for a job? There are two main parts to this: 
putting together a good CV and putting yourself out 
there on the job market. The latter can be done in 
multiple ways - applying to computing work job sites, 
setting up a LinkedIn account or sending out CVs to 
prospective employers. 

Look for specialist tech recruiters over general job 
boards, as you’re more likely to find good jobs in 
the IT sector. As people to fill Linux jobs are in high 
supply, try and find a site that lets you submit a CV so 
recruiters can find out about you without getting lost 
in any mailing system while trying to contact you via 
third party means. A LinkedIn can also be essential, 
as many recruiters will search it for prospective 
employees with the right skills. 

As for a CV, keep it short and to the point. One page 
is ideal: include your essential contact details, 
computing education and any jobs that are relevant 
to SysAdmin positions. 


■Jim Zemlin believes that access to 
learning is more important than ever 



CVs, portfolios, personal websites, LinkedIn profiles 
and anywhere else that candidates are advertising 
their qualification as a Linux professional. With the 
full strength of The Linux Foundation's support 
behind them, these small badges will become 
weighty markers of aptitude in the coming months 
and years. 

As we write this at the tail-end of 2014, the 
certifications are continuing to make waves as more 
and more Linux users decide to take the step and 
sit the exam. The next Linux Jobs Report is due in 
February 2015 and it will be interesting to see how 
much of an impact this year’s focused recruitment 
drive from The Linux Foundation has had on the story 
that it usually tells of our industry’s search for talent. 
In the meantime, however, you can hear more from 
the Foundation itself about its certification exams 
and the Linux job markets. 

“Based on the four-year trend of the Linux Jobs 
Report data and the conversations we’re having with 
hundreds of companies all over the world, we expect 
demand to increase," says Jim Zemlin, executive 
director of The Linux Foundation, when asked about 
the predicted demand for Linux SysAdmins in the 
near future. “Linux is poised to drive technology 
innovation across industries for decades to come.” 

■ The Intro to Linux MOOC is free thanks to 
the edX/Foundation partnership 


Industry demand for talent is one thing, but we’re 
also curious as to whether a pre-existing demand for 
Linux SysAdmin and Linux Engineer qualifications 
played a part in the launch of the accreditation 
program. We asked Zemlin how many people make 
use of the Foundation’s training resources and 
whether the LFCS exam is something that people 
had been requesting: “Many members of The Linux 
Foundation - both individuals and organisations - 
have told us they would like to see a neutral, highly- 
regarded certification developed to make it easier 
to identify Linux talent,” he explains. “Additionally, 
we have seen training course enrolments trending 
positively, as best demonstrated by the nearly 
300,000 people who have registered for our free Intro 
to Linux course on edX." 

Previously a $2,400 course, the renowned 
‘Introduction to Linux’ MOOC (massive open online 
course) launched earlier this year for free - the fruit 
of a partnership between The Linux Foundation and 
edX and, in a way, a test bed for the SysAdmin and 
Engineer accreditations, with its similar ‘anytime, 
anywhere’ structure. Students can opt to fully 
enrol in the course and pursue a paid-for Verified 
Certificate of Achievement, which costs $250, or 
to ‘audit’ the course, essentially working through 


the material at their own pace but without any 
resulting qualification. In the relatively short space 
of time since the free course launched it has already 
become wildly popular, and a significant majority of 
its users opt to audit the course for free. 

We asked Zemlin whether, given the historically 
self-taught nature of Linux professionals (whose CVs 
often pale in comparison to the wealth of experience 
permeating their anecdotes), a formal qualification 
is something that employers necessarily look for: 
“As Linux has grown and become more pervasive 
among the world’s largest and most technically 
complex enterprises, the demand for professional 
Linux SysAdmins and Engineers has skyrocketed,” 
Zemlin replies. “Certification provides employers 
with a way to know they are working with the most 
qualified talent. Certainly many Linux pros will 
continue to be self-taught; the certification allows 
them to demonstrate just how good they really are 
and move them to the next level of their career and 
earning potential. 

“The biggest benefit of LFCS certification,” 
Zemlin continues, “is being able to demonstrate 
to employers that you are among the best 
Linux talent on the market. And a Linux 
Foundation certification is a vendor-neutral, deeply 
technical program that affirms the credibility of this 
talent.” It’s a compelling argument - while Red Hat 
and SUSE, for example, both offer various Linux 
training programs, examinations and workshops 
that are very popular among professionals, this 
training is necessarily entwined with these two 
vendors, and beyond the elementary edX course 
there was no recognised vendor-neutral Linux 
qualification available to those seeking to bolster 
their skills and CVs before the launch of LFCS 
and LFCE. The Linux Foundation is the definitive 
neutral entity when it comes to Linux, and its 
official qualifications carry the full weight of its 
sterling reputation. 


We asked how much their exams were informed 
by similar accreditation programs, such as those 
offered by Red Hat and SUSE, and the answer was 
unequivocal: “The exams were informed by The 
Linux Foundation and a committee of 20 industry 
experts, from more than ten countries across the 
Americas, Europe and Asia, to identify the critical 
skills, knowledge and abilities applicable to each 
certification. The exam items themselves are 
written by a group of ten or so external experts 
and are updated on an ongoing basis to match 
the required competencies.” Elaborating further, 
Zemlin said, “We are in a unique position to help 
increase the number of skilled Linux professionals 
to meet growing demand. We don’t take this 
responsibility lightly and have approached the 
design of our certification program with attention 
to the highest quality exams and most rigorous 
review of the material, which has been informed by 
a global committee of experts.” 

It’s invigorating to hear that the standards are 
so high, and that the Foundation is working so 
actively to address the SysAdmin skill gap in the 
industry - we’d expect no less. But where does 
this leave the examinees - is the exam only really 
viable for existing SysAdmins looking to formalise 
their experience, or can it also be a springboard 
for younger talent hoping to secure their first 

■ Attending one of the many events like 
LinuxCon is a great way to start networking 


27 SysAdmin 
skills to master 


Here’s what you’ll be expected to 
demonstrate in the LFCS exam, 
plus the issues of Linux User & 
Developer in which you can find the 
relevant tutorials 

Local system administration 

» Creating backups 
» Restoring backed-up data 

• 113 Backup Masterclass 

• 121 Full system backups with Clonezilla 

• 146 Back up to the cloud 

» Managing the startup process and related services 

• 120 Create and manage boot scripts 
» Managing user processes 

• 081 SystemTap 

» Creating local user groups 
» Managing file permissions 
» Managing fstab entries 
» Managing local users accounts 
» Managing user accounts 
» Managing user account attributes 
» Setting file permissions and ownership 

• 139 Sysadmin Masterclass (the above seven) 

Local security 

» Accessing the root account 
» Using sudo to manage access to the root account 

Shell scripting 

» Basic bash shell scripting 

• 142 Write useful bash scripts, part 1 

• 143 Write useful bash scripts, part 2 

• 144 Write useful bash scripts, part 3 

Software management 

» Installing software packages 

• 086 How to compile software 

Command line 

» Editing text files on the command line 

• 085, 086, 087 A bash at the command line 

» Manipulating text files from the command line 

Filesystem and storage 

» Archiving and compressing files and directories 
» Assembling partitions as RAID devices 
» Configuring swap partitions 
» File attributes 
» Finding files on the filesystem 
» Formatting filesystems 
» Mounting filesystems automatically at boot time 
» Mounting networked filesystems 
» Partitioning storage devices 
» Troubleshooting filesystem issues 

• 111 Perfect Dual Boot (all of the above) 

■ 2014 was the year of Enterprise Linux, 
which means more SysAdmin roles to fill 


SysAdmin job? “Most of those who have taken 
an exam already have had experience as a Linux 
SysAdmin or Engineer,” explains Zemlin. “There is no 
reason that someone cannot study and prepare then 
pass the exam without experience in a workplace, 
though; it will just require more preparation on their 
part. This is one of the reasons The Linux Foundation 
is expanding training course options.” 

According to the Foundation, several thousand 
people have already enrolled for the LFCS exam, 
and so far hundreds have successfully completed 
it; initial pass rates have been around 60%. Given 
all the feedback that has been received to date, we 
asked what people thought were the strengths of 
the exam: “The top strength noted by test takers is 
that the exam is performance-based rather than 
multiple choice. This demonstrates actual working 


knowledge of Linux systems. It also means there 
may be more than one correct way to answer a 
question. The goal is not to choose the correct 
pre-formulated answer, but instead to adequately 
address a challenge. 

“Other than that,” continues Zemlin, “exam takers 
have noted the exams are very comprehensive, 
requiring them to demonstrate detailed knowledge 
of a variety of tasks. Finally, the ability to take the 
exam at a convenient time from anywhere with 
a webcam and Internet connection has enabled 
many to take an exam who could not become 
certified previously without travelling far away 
to a testing centre. The exams are also 
distribution-flexible, which test takers have 
acknowledged is very welcome.” 

Performance-based testing is highly appropriate 
to the skills being tested, so it’s no surprise that this 
has been identified as a key strength. It is reassuring, 
however, to hear that the Foundation’s decision to 
run these exams online is paying dividends, and 
that people are pleased with both the ‘anytime, 
anywhere’ accessibility and the choice of distros that 
can be used to sit the exam; perhaps, in time, people 
will begin to request other distros such as Fedora 
and Debian, but the core selection is sound. 

What about limitations, then? We asked whether 
you could really go into your first job as a Linux 
SysAdmin upon successfully completing the exam, 
or whether there are any key areas of the syllabus 
that would need to be followed up afterwards before 
you could realistically begin working. The answer was 
clear and confident: “Generally, if you have the skills 
to pass the LFCS exam, you are qualified to work as 
a Linux SysAdmin. Depending on the specific role, 
you may need more hands-on training, but certainly 
for entry-level positions the exam provides sufficient 
demonstration of abilities.” 

If you’re curious as to what those skills are, just 
take a look at ‘27 SysAdmin skills to master’ on page 
29 - this details every subject covered by the LFCS 
exam, and we’ve turned it into a reading list of Linux 
User & Developer tutorials for you to work through. 
The Foundation can help you prepare for your exam, 
too - returning to the mention of “expanding training 
course options", our next question was whether the 
Foundation has any plans to run more live sessions, 
such as workshops, webinars and even one-to- 
one sessions. Zemlin’s answer was intriguing: “We 
currently offer training for SysAdmins which can 
help with the exam; however, in early 2015 we will be 
launching a self-paced, online prep course bundled 
with an exam, making course prep easier to access 
for everyone regardless of geographic location.” We 
can see an ‘Introduction to Linux’-style prep course 
working very well indeed. 

While the Foundation does not plan - at this 
time - to differentiate the course into different skill 



■ Continuing Education credits mean that 
Red Hat training can keep you validated 


levels, such as the Junior, Advanced and Senior 
levels identified in one of its infographics (training. 
linuxfoundation.org/sysadmin-evolution), there 
are rumblings of new certification paths. When 
asked about the possibility of other qualifications, 
such as Linux Foundation Certified OpenStack 
Engineer (for example), Zemlin said: “Our goal is to 
develop additional programs for certification but 
no decisions have been made yet. We are very open 
to receiving suggestions from the community on 
areas where new programs would be valuable.” 
Much will hinge on the continued success of LFCS 
and LFCE over the coming year, for sure, but we can 
be relatively confident that should the Foundation’s 
new qualifications prove themselves to be industry- 
recognised badges of quality, this methodology will 
be applied to other areas of the Linux industry and 
begin to address demands for proven professionals 
in other specific areas. 

So what’s the next step? According to Zemlin, 
The Linux Foundation will continue to strive to 
increase access for candidates in order to help 
them gain the necessary knowledge to take and 
pass an exam. Furthermore, it will continue to 
update the content of the exams to ensure that they 
remain relevant. “Additionally," continues Zemlin, 
“later this year we will be launching Continuing 
Education credits that will enable professionals 
to maintain their certification without retaking 


an exam by participating in accredited courses, 
sessions and events.” 

The Linux Foundation website details two 
ways in which certification holders can renew 
their qualification: achieving the higher-level 
LFCE certification, which extends the expiration 
date of the LFCS certification to match that of 
the new one, and completing at least 16 hours 
of Continuing Education. Continuing Education 
credits are a means by which candidates can 
continue their education via The Linux Foundation’s 
training resources while simultaneously renewing 
their existing qualification, without the need to 
re-sit the same exam. Currently, there are two 
primary sources of Continuing Education credits: 
advanced training courses from the Foundation’s 
Developer and Enterprise curriculums (i.e. those 
with a Foundation course code of 300 or higher, 
such as LFD320), and approved training from a 
Linux Foundation Authorised Training Partner or 
an established Linux training provider such as Red 
Hat, SUSE, IBM, Oracle or HP. Any combination of 
approved courses can be followed, and candidates 
will need to submit an application (available from 
the Foundation on request) for the Continuing 
Education credit that provides evidence of this. 

With The Linux Foundation ready to roll out the 
new prep course and a variety of solid Continuing 
Education paths to follow already in place, the 
way forward looks clear indeed. If you are planning 
to embark on a career in Linux as a SysAdmin or 
Engineer then there has never been a better time to 
set out than now - the Linux Foundation is actively 
looking for you and looking out for you on the road 
ahead, not to mention the employers at the end of 
that road. 

Once you’ve registered and paid for the exam, you 
can schedule to take it at any time within 12 months 
of your purchase - so work through our tutorials 
and make sure you’ve mastered the skills that will 
be tested; identify the areas in which you need 
further guidance and make use of the Foundation’s 
excellent resources to fill that knowledge gap; read 
the Certification Preparation Guide (bit.ly/1vYLKJ3) 
and familiarise yourself with the exam setup; then 
commit yourself and schedule that exam. You’ll 
be glad you did so in a year’s time - the industry 
certainly will. 


Get prepared for 
your exam 

The Foundation’s Certification 
Preparation Guide has some very 
useful tips for success: 

Your system The exams are overseen live via 



free environment for the next two hours and b< 


led photo ID (like a passport) is handy i 


muscle memory accidents; Ctrl+C/V, for exam 
not supported. Once you begin the exam, reme 
that you don’t need to complete the Sections o 

Get rock-solid 
defences on 
your systems 
and networks 



A couple of issues ago 
we took a good look at 
privacy and showed you 
a number of ways to help 
protect yourself from 
advertisers, doxxers and 
other online threats. That 
was a great start, and 
by now you should be 
browsing online privately, 
using encrypted tools for 
online communication and 
starting to clean up your 
online footprint. If you 
missed that feature, just 
grab issue 147 from our 
online store: 
bit.ly/lsCHWgO 


Linux has a well-deserved 
reputation for being 
incredibly secure in 
comparison to operating 
systems like Windows and OS X. 
However, that said, you can’t simply 
rest on your laurels and assume that 
your computer is impervious to attack 
- especially in the wake of security 
scare stories over the course of the 
last few months such as Heartbleed, 
Shellshock and the Turla malware, as 
well as the ever-present threat of more 
direct system and account intrusions. 

This month we’re going to tackle 
security on a number of fronts. First 
up we’ll go through good password 
practice with a fine-tooth comb, 


picking out everything that you need 
to know and showing you how to create 
super-safe passwords. We’ll then 
take a look at client-side security by 
running through the optimal settings 
for your machine and suggesting 
ways for you to ensure everything 
important is protected. Networks 
are next - we’ll explain how to build 
firewalls and properly set up and 
control your ports, then go through 
the principles of penetration testing. 
Finally, we’ll return to online matters 
with a look at securing your various 
accounts, including using two-factor 
authentication, and then locking down 
any information that could potentially 
be used to hack your accounts. 
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One of the most important steps 
in keeping anything secure is to 
create a very strong password that 
is difficult to crack. While movies will 
tell you enterprising hackers just need 
to look around your office to figure out 
your password (“it’s his son's name 
- easy”), the most common method 
of password cracking is a brute force 
attack on the server and the username. 

Under a brute force attack, short 
passwords, unmodified dictionary 
words and anything on top password 
lists will succumb very quickly. In terms 
of length of password versus time to 
crack it, the hours and days needed 
to successfully discover a password 
are always going down thanks to 
advancements in CPU speed and 
bandwidth. Using simple alphanumeric 
passwords is increasingly insecure, 
even if they’re as long as ten characters. 

Let’s start with a password then 
and modify it - a non-dictionary word, 
reasonably long. Plucked out of the air 
we have: 

dwanton 

- Seven characters, lower case letters 

Time to crack: two seconds 

Creating an invincible 
password is the first step to 
securing everything 

Seven is quite short. If you’re using 
it online, most websites require a 
minimum of eight letters, a capital 
letter and a number. This improves the 
quality of the password, both off- and 
online. A basic modification would be: 

Dwanton1 

Time to crack: 15 hours 

Doing a lot better! The password 
is immediately exponentially more 
secure, although 15 hours is still not 
that long. We can do better by adding 
a symbol to the mix in an easy-to- 
remember location: 

Dw@nton1 


Time to crack: 3 days 

Another big jump to three days. In 
theory, most people would give up 
by now, but as we’re dealing with 
automated brute forcing, that won’t 
matter. We’re at about as secure as 
we can be with an eight-character 
password in terms of brute force, and 
the ‘1’ at the end is a bit basic. By just 


“Using simple 
alphanumeric passwords 
is increasingly insecure” 



Time to crack: 275 days 

275 days is quite a while, but it’s still 
doable for persistent crackers. Adding 
a symbol, letter or number to the end of 
this password will increase its lifespan 
to 58 years. 58 years is a massively long 
time for someone to be trying to crack 
your password without upgrading their 
hardware and software or forgetting 
about it. So here’s an example of an 
excellent starter password idea: 

Dw@nton12* 

We say starter, as while this is an 
excellent password, you shouldn’t be 
using it on every account that you have. 
If a list of passwords is leaked due to 
someone else’s insecurity, it doesn’t 
matter how long your password will 
take to brute-force if they already know 
what it is. If you hear of a leak, change 
your password immediately. 
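
The arithmetic behind the crack times quoted above, as an added example that is not from the article: worst-case time is the keyspace (character-set size raised to the password length) divided by the guess rate. The rate of 4 billion guesses per second and the 15-character symbol set are assumptions, chosen because they reproduce the figures quoted in the text.

```shell
#!/bin/sh
# Added example: worst-case brute-force time = charset^length / guesses per second.
# Assumptions (not stated in the article): the guess rate and the symbol count below.
LC_ALL=C; export LC_ALL               # keep [a-z] and [A-Z] ASCII-only

GUESSES_PER_SECOND=4000000000         # assumed offline guessing rate
SYMBOL_COUNT=15                       # assumed number of punctuation characters tried
MAX_INT=9223372036854775807           # largest value 64-bit shell arithmetic can hold

# charset_size PASSWORD: size of the smallest character set that covers the password.
charset_size() (
    size=0
    case $1 in *[a-z]*) size=$((size + 26)) ;; esac
    case $1 in *[A-Z]*) size=$((size + 26)) ;; esac
    case $1 in *[0-9]*) size=$((size + 10)) ;; esac
    case $1 in *[!a-zA-Z0-9]*) size=$((size + SYMBOL_COUNT)) ;; esac
    echo "$size"
)

# keyspace PASSWORD: number of candidates of that length, or "overflow" when the
# count no longer fits in 64 bits.
keyspace() (
    base=$(charset_size "$1")
    total=1
    i=0
    while [ "$i" -lt "${#1}" ]; do
        if [ "$total" -gt $((MAX_INT / base)) ]; then
            echo overflow
            exit 0
        fi
        total=$((total * base))
        i=$((i + 1))
    done
    echo "$total"
)

# crack_time PASSWORD: time to try every candidate, rounded down to a whole unit.
crack_time() (
    space=$(keyspace "$1")
    if [ "$space" = overflow ]; then
        echo "more than $((MAX_INT / GUESSES_PER_SECOND / 31536000)) years"
        exit 0
    fi
    secs=$((space / GUESSES_PER_SECOND))
    if   [ "$secs" -lt 60 ];       then echo "$secs seconds"
    elif [ "$secs" -lt 3600 ];     then echo "$((secs / 60)) minutes"
    elif [ "$secs" -lt 86400 ];    then echo "$((secs / 3600)) hours"
    elif [ "$secs" -lt 31536000 ]; then echo "$((secs / 86400)) days"
    else                                echo "$((secs / 31536000)) years"
    fi
)

# The passwords walked through in the article.
for pw in dwanton Dwanton1 'Dw@nton1' 'Dw@nton12*'; do
    printf '%-12s charset %2s  %s\n' "$pw" "$(charset_size "$pw")" "$(crack_time "$pw")"
done
```

Each extra character multiplies the time by the character-set size, which is why length counts for more than any single substitution.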
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Now we have a basic password, it’s 
time to start implementing it online. 

Security experts say you should use a 
different password for every account. 
Services like LastPass can offer a 
convenient way of doing this with 
truly unique passwords per account, 
but you might not be comfortable 
with them. Human beings can only 
remember so many passwords; as 
you most definitely should not be 
making a note of these passwords, 
what we suggest is to modify the 
password based on what website 
you’re using it on. 

For example, let’s take Amazon. It 
has your credit card details so securing 
the account is extremely important. 
After the ‘Dw@n’ of the ‘dwanton’ 
base we have three characters to play 
with, so we could change them for our 
Amazon password. Here’s our working: 

Take the middle three letters of the 
site’s name (as Amazon is six letters 
long we will choose ‘maz’), and reverse 
the letters to ‘zam’. Now insert it into 


Dw@nzam12* 




Effectively use your 
passwords online and employ 
other security measures 


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This still has the high level of security, 
but will be different from, say, eBay 
(Dw@nabe12*) or Github (Dw@nhti12*), 
without being immediately 
obvious to whatever cracking program 
would then try and use that password 
on other websites and accounts. A 
smart enough human might crack the 
code, but this is only an example of how 
you can modify your password while 
still making it memorable to yourself. 

Security and Privacy 

Last issue we touched upon how to 
keep your details as private as possible. 
As well as brute force attacks, 
crackers can perform confidence 
and social manipulation tricks with 
phone support to deceive you, using 
any information they can gather from 
social accounts. Some of the 
privacy-orientated recommendations can 
help keep angles of attack secret from 
malicious people. 

Above LastPass won our password managers group test a couple of issues back 
Below Controlling your visibility on platforms like Facebook is crucial to security 

to banking keypads. 
Turning this on may be 
slightly inconvenient to 
some, but the peace of 
mind and added security 

Go through your social media 
accounts - Twitter and Facebook 
mainly - and look at your privacy 
settings. Make sure nothing sensitive 
is set to public, and even think of 
removing items that you don’t need on 
your profile, such as phone numbers 
on Facebook or location on Twitter. 
Most importantly, keep your main 


email address completely secret: 
never share it on Twitter unless via a 
DM to someone you trust and don’t 
keep it in your profile. For work email, 
use a different address and link as few 
accounts as possible to this email. 

Lastly, while an extreme step, you 
can always look at not using your real 
name on your more public social media 
accounts. Facebook won’t truly allow it 
for personal accounts, but everywhere 


;e you a 


d idea to use a 


pseudonym if you want to be as secure 
and private as possible. 
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Protect your local network 
from the occurrence of 
external or local intrusions 



Below Some tools may be superfluous 
depending on how you use your system 
Left Changing settings in the router can 
really improve your network’s security 



Now you’ve secured your online 
life, it’s a good idea to look at your 
actual physical network of home 
or office PCs, laptops and other 
devices. Having a strong password on 
your Gmail account is one thing, but 
if someone can see exactly the kind 
of packets that are going back and forth 
they can likely figure out what you’re 
looking at. Securing your network is 
an important step, but it’s also fraught 
with problems you may never know 
exist, especially when you’re trying to 
balance convenience with security on 
a system provided by an ISP. 

Shared folders, Samba servers and 
SSH access are very common within 
networks, allowing you to access files 
and folders remotely. They’re also 
excellent attack vectors for those who 
can get into your network. Uninstalling 
or deactivating networking services 
you don’t use is a great way to increase 
security throughout your network. This 
is another convenience versus security 
debate - some networked devices 


(such as a Raspberry Pi or file server) 
you may wish to SSH into. That’s fine, 
just make sure that to access them, 
you require a strong password. Same 
with the Samba shares for distributing 
music over your home network and the 
like. VNC you can probably turn off and 
on via SSH so you only access it when 
you definitely need to. Thinking through 
how you interact with devices over the 
network goes a long way towards keeping 
that network secure. 

Network monitoring 

What if there’s activity over your 
network that you don’t know of and 
therefore can’t immediately fix? One 
of the best tools in any sysadmin or 
network security toolbox is Wireshark, 
or more specifically, the tshark 
command line implementation. 

certain people. 

The Arch and Ubuntu wikis 
have some great guides: 
bit.ly/1yCwG4N (Arch) and 
bit.ly/1gd18ul (Ubuntu). 

Wireshark is a network packet 
sniffer and allows you to track all the 
network traffic going on around your 
LAN. This can be used to figure out 
what’s going on in your network that 
you don’t know about, from stray services, 
requests and data transfers that 
you didn’t know about and can 
simply turn off, to finding out that some 
program is transmitting data that it 
most likely shouldn’t be. 
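
One way to turn a tshark capture into the overview described above, as an added example that is not from the article: it counts packets from each LAN host to each outside address and port. The interface name, capture duration and sample lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: find which LAN hosts talk to which outside addresses.
# Input is tshark field output, one packet per line, tab-separated:
#   tshark -i eth0 -a duration:60 -T fields -e ip.src -e ip.dst -e tcp.dstport -e udp.dstport
# (eth0 and the 60-second duration are placeholders for your own interface and window)

# summarise_outbound [FILE...]: count packets per "LAN host -> outside host port",
# busiest first. Traffic that stays inside private, loopback, link-local or
# multicast/broadcast ranges is skipped, as are lines without IPv4 addresses.
summarise_outbound() {
    awk -F '\t' '
        function is_local(ip,    o, a, b) {
            split(ip, o, ".")
            a = o[1] + 0
            b = o[2] + 0
            return (a == 10 || a == 127 || a >= 224 ||
                    (a == 192 && b == 168) ||
                    (a == 169 && b == 254) ||
                    (a == 172 && b >= 16 && b <= 31))
        }
        $1 != "" && $2 != "" && is_local($1) && !is_local($2) {
            if ($3 != "")      port = "tcp/" $3
            else if ($4 != "") port = "udp/" $4
            else               port = "other"
            seen[$1 " -> " $2 " " port]++
        }
        END { for (k in seen) printf "%d\t%s\n", seen[k], k }
    ' "$@" | sort -rn
}

# Constructed sample capture (documentation address ranges, not real traffic).
sample_capture() {
    printf '192.168.1.20\t203.0.113.5\t443\t\n'
    printf '192.168.1.20\t203.0.113.5\t443\t\n'
    printf '192.168.1.20\t192.168.1.1\t\t53\n'
    printf '192.168.1.31\t198.51.100.7\t6667\t\n'
    printf '203.0.113.5\t192.168.1.20\t51514\t\n'
    printf '192.168.1.20\t224.0.0.251\t\t5353\n'
}

sample_capture | summarise_outbound
```

A host or port in this list that you cannot account for is the cue to look at which service on that machine opened the connection.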

Router maintenance 

Your router, as the creator of your 
network, isn’t impervious to attacks 
either. As well as updating any default 
passwords, you should always make 
sure to update your router’s firmware 
as regularly as possible. Updates 
will include security fixes for any 
vulnerabilities that are present and 
should improve security across the 
router’s software overall. 

If your router allows it, you can 
also attempt to change the default 
IP addresses and range. If you’re 
using DHCP, this won’t matter to any 
connected devices, but changing the 
default network addresses from the 
common 192.168.x.x structure will stop 
other types of attacks on the network 
that specifically target the router. 
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Keep your desktop and 
other offline devices secure 
from prying fingers 


Online security and protection 
from online attacks are excellent 
deterrents for a large subsection of 
people, but your point of access - 
your PC - should be secure as well 
unless you want to have people 
snooping around your computer. 

As before, a secure password is 
essential for your user account. It’s a 
bit harder to brute-force this kind of 
password, but it’s still doable. Weigh 
up the importance of your files versus 
your own convenience to come up with 
a password that suits your needs, but 
still use the password creation tips to 
keep it as secure as possible. 

The root password shouldn’t be 
the same as a normal user password. 
Much like we suggested with emails, 
you should most certainly have a 
completely separate password for the 
root account. While logged in as root (su 
in the terminal) type ‘passwd’ and it will 
allow you to update and change your 
current root password. 

Some systems will also allow users 
to gain root access via ‘sudo su’, using 
sudoer privileges to just get into the 
root. If you’re serious about locking 
down your system then a big priority 
should be to modify sudoer access 
on all accounts on your system that 
can make use of it, especially for that 
particular use case. 



Malware 

Linux distros are generally far more 
secure than other operating systems, 
but they’re not immune to viruses 
and malware. In terms of security, 
keyloggers and other snooping 
software can be a big issue - these will 
help anyone figure out your passwords, 
making even the most random 
12-character monstrosities pointless 
when it can just be copied and pasted 
directly into the password field. 

Aside from ClamAV, there’s no 
real anti-malware software for Linux 
available; the best thing you can do is 
just stay vigilant. Use a little common 
sense when on the Internet and 
check your logs and running services 
frequently to make sure nothing 
malicious has installed itself. 

Protect your files 

Even with a good password, someone 
can just mount your hard drive or a user 
with higher privileges can easily read 
it. Encrypting a volume to specifically 
keep sensitive data in is a great way to 
make sure only you can access the files 
when you need to. Since TrueCrypt has 
become defunct, and was never really 
open source in the first place, we highly 
recommend using EncFS. 

“The root password 
shouldn’t be the same 
as a user password” 

Above ClamAV is the best you’ll find in terms of anti-malware FOSS 

It’s available in a few repos as encfs, 
so installing it is easy. Once that’s 
done, you can then begin setting up 
an encrypted location on your system. 
Open the terminal and then type: 

$ encfs ~/encrypted ~/Private 

This will create a folder called 
‘encrypted’ in your home directory 
that contains all the encrypted 
files, and then another folder called 
‘Private’ which is where the files will 
be accessible once decrypted. Follow 
through with the little wizard that 
follows - the preconfigured security 
mode is very good and good enough for 
most people. 

Now, when Private is mounted and 
you have entered a password, you’ll 
be able to access the encrypted files 
straight from the encrypted folder. 
When it’s unmounted, the files will 
become encrypted once again; just 
remember to unmount after use. 
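
A set of checks around the "remember to unmount" step, as an added example that is not from the article: it lists mounted EncFS volumes and flags files saved into the mount point while the volume was not mounted, which sit on disk unencrypted. The directory names are the article's; the function names and the sample mount table are constructed here.

```shell
#!/bin/sh
# Added example: status checks for the EncFS volume set up in the article.
# ~/encrypted and ~/Private come from the article; the function names are made up here.
ENC_DIR="$HOME/encrypted"      # encrypted store
PLAIN_DIR="$HOME/Private"      # decrypted view while mounted

# encfs_mounts [MOUNTS_FILE]: print the mount point of every mounted EncFS volume.
# Reads /proc/mounts unless given another file in the same format.
encfs_mounts() {
    # /proc/mounts writes a space inside a path as \040, so decode it
    awk '$3 == "fuse.encfs" { mp = $2; gsub(/\\040/, " ", mp); print mp }' \
        "${1:-/proc/mounts}"
}

# encfs_is_mounted DIR [MOUNTS_FILE]: succeed if DIR is an EncFS mount point.
encfs_is_mounted() {
    encfs_mounts "${2:-/proc/mounts}" | grep -Fxq -- "$1"
}

# plaintext_leftovers DIR [MOUNTS_FILE]: while DIR is not mounted, anything inside
# it was written to the ordinary disk and is NOT encrypted. Print those files.
plaintext_leftovers() {
    if encfs_is_mounted "$1" "${2:-/proc/mounts}"; then
        return 0
    fi
    find "$1" -mindepth 1 -print 2>/dev/null
}

# vault_open / vault_close: mount and unmount the article's volume.
vault_open()  { encfs_is_mounted "$PLAIN_DIR" || encfs "$ENC_DIR" "$PLAIN_DIR"; }
vault_close() { if encfs_is_mounted "$PLAIN_DIR"; then fusermount -u "$PLAIN_DIR"; fi; }

# Demo on constructed /proc/mounts lines (not a real system).
demo() (
    sample=$(mktemp)
    printf '%s\n' \
        '/dev/sda2 / ext4 rw,relatime 0 0' \
        'encfs /home/alice/Private fuse.encfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0' \
        'encfs /home/alice/My\040Vault fuse.encfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0' \
        > "$sample"
    encfs_mounts "$sample"
    rm -f "$sample"
)
demo
```

Running encfs_mounts at logout or before suspending shows at a glance whether a decrypted view is still open.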
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Keep up to date on security 
concerns and learn more ways 
to keep your accounts safe 


Privacy Fix privacyfix.com 

As we mentioned earlier in the article, defending against a brute force 
attack is only one method in keeping everything secure. Hackers and 
crackers may also try social manipulation via telephone or email to get your 
information from banks and account support teams. You can minimise this 
risk significantly by keeping more of your information private. 

Privacy Fix from AVG helps you monitor your different social accounts 
to figure out exactly what people can see and how easily they can see it. It 
allows you to plug holes in your accounts and tighten up your privacy and 
security in general. 

The applications work across multiple platforms, so you can keep control 
of these concerns on the go via mobile if something needs to be changed 
immediately. It covers Twitter, Facebook, Google+, LinkedIn and many other 
account types. 

Linux Security linuxsecurity.com 

Linux Security is a news aggregate for anything related to security in Linux. 
Not only does it cover vulnerabilities, bugs in security software and other 
desktop and server security concerns, it also covers web security and think 
pieces that will keep you informed on the latest security stories. 

Keeping up with relevant issues in the security world can keep you ahead 
of the game and enable you to lock down anything before a threat becomes 
viable. It’s not absolutely necessary for everyone, but even those slightly 
interested in keeping secure would do well to keep up with some of the 
current trends. 

There are also some other resources on the site, such as a security 
glossary for some of the more obscure terms and general security tips that 
anyone can use. 

Random.org random.org/passwords 

Coming up with a password or password base can be difficult. While we 
have the example in this issue, we implore you not to use it. However, if 
you’re having trouble coming up with your own base, or want a completely 
random and secure password for your email accounts, there are lots 
of websites that will enable you to securely and anonymously generate 
passwords that you could then slightly modify and use yourself. 

Random.org is such a website, where you can create a list of passwords 
of varying character length that are all very secure. Nothing is stored on 
their servers and all passwords are sent securely via SSL. The random 
algorithm uses ambient noise to create the password, which makes it 
slightly more difficult to decrypt using high-level cryptographic techniques. 

“Coming up with a 
password or password 
base can be difficult” 



Above PrivacyFix rounds up your online accounts into a single dashboard 



Above Linux Security is a news aggregate for anything related to Linux 
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Developer guide 

Essential tools for coders 


Build a Cacti plugin 
Develop your own Cacti plugin 

Monitor network traffic with Cacti 
Use your new skills to monitor traffic 

Configure virtual boxes with Puppet and Vagrant - part 1 
Make it simpler to develop all kinds of apps 

Configure virtual boxes with Puppet and Vagrant - part 2 
The second part to complete the tutorial 

Build games for Pebble 
Create a game for a smartwatch 

Connect your Pebble game with Android 
Teach Flappy Tux to get in touch with your Android phone 

Create your own VPN server 
Dial into your own network from anywhere to access your files 

Render 2D and 3D graphics with WebGL 
Master graphics with your browser 

Generate complex graphics with ggplot2 
Learn how to impressively plot with R 

Master UNIX signal handling 
Utilise signals handling in C 

Build a RAID array 
Use RAID to create faster and more secure storage systems 

Continuously deploy web apps with Capistrano 
Move from testing to deployment 

“If you want to 
do something 
fast, then learn 
Three.js” 
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This is the full list of tables found in the Cacti database. It is 
worth getting used to them as they hold all Cacti data 


Hooks are required when developing Cacti plugins. Consult the 
Hook API Reference to see which hooks you should use 


Each Cacti plugin has a given architecture and structure. 
This output displays the files of a plugin named ‘clog’ 



Build a Cacti plugin 


Advisor 

Mihalis Tsoukalos is 

a UNIX system administrator 
also proficient in programming, 
databases and mathematics. He 
has been using Linux since 1993 

Resources 

Cacti cacti.net 

RRDTool oss.oetiker.ch/rrdtool 
Plugins docs.cacti.net/plugins 




Develop a Cacti plugin that reads Cacti’s 
database and displays active TCP and UDP 
connections in a Cacti tab! 


In this article you will learn how to 
develop a Cacti plugin that reads 
data from the database and then 
presents it onscreen. You should have 
a working Cacti installation in order to follow 
the steps that are described here, be familiar 
with PHP programming, and have a working 
knowledge of MySQL so that you can write your 
own plugins. 

The presented example will try to be as generic as 
possible. The data will be acquired independently 
using cron, but it will be stored in the same 
MySQL database as Cacti. You can easily modify the 


PHP code to read data from an external file or from 
the Internet. 

We would strongly suggest that before you 
program your own plugins, you study existing plugins 
- starting with the one presented here - in order 
to understand the way they work. It is important 
to remember that all plugins have their own 
directory and a setup.php file. The setup.php file 
contains the code that connects the plugin with 
the Cacti plugin API as well as some other required 
PHP functions. 

As you will see, Cacti allows you to integrate all 
plugins into its web interface. 
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■ Feeling adventurous? Grab and burn the Windows 10 Technical Preview from bit.ly/1y8MoE2 


About Cacti Plugins 

Each Cacti plugin must have its own 
directory. The central location for all plugins 
is a directory named ‘plugins’ inside the Cacti 
installation. On an Ubuntu distribution, its default 
path is /usr/share/cacti/site/plugins. As you 
will learn, it is recommended to move it to a 
different location. 



Register hooks 

Go to your Cacti installation and select 
Plugin Management. The list should be empty as 
no plugins are installed by default. Every plugin 
needs to register for one or more hooks to use it. 
You can look into the setup.php file of a plugin to 
find out which hooks it registers. The PHP function 
that keeps this kind of information is called 
‘plugin_<PLUGIN_NAME>_install()’. Your plugin must 
follow a similar practice, so decide which hooks you 
will have to register. Always register the minimum 
number of hooks that does the job you want. 

Get and store the data 

Keep track of the number of active TCP and 
UDP connections on your local machine, and you’ll 
also need to be able to see the date and the time of 
each measurement. You’re going to need to store 
the data either in an external file or in a database. 
The choice is yours, but it would be easier to use a 
database as Cacti already utilises one. Then decide 
how you are going to get the data. Using an external 
script seems to be a generic option. 


“The solution is 
writing your own 
Cacti plugin to do 
the job” 


Explore storage methods 

The solution is writing your own Cacti plugin 
to do the job. This has many advantages, including 
the fact that you can customise it how you want. For 
simplicity, the plugin will read data from localhost 
and display it using a Cacti installation that can also 
be found on the same machine. A Perl script that is 
running as a cron job stores the required data in the 
database. If you find that the method you’re using to 
acquire your data is not suitable for your needs, you 
can use a different one. 
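
A collector of the kind described in the last two steps, as an added example that is not the article's Perl script: a shell stand-in that counts connections from the kernel's /proc/net tables and builds the INSERT for the TCPUDP table. Only the table name and its DATE column appear in the article; the TCP and UDP column names, the database name variable and the option-file path are assumptions.

```shell
#!/bin/sh
# Added example: cron-driven collector for the plugin's TCPUDP table.
# Assumed (not in the article): columns TCP and UDP, and the two settings below.
CACTI_DB=cactiDB                              # set to the name of your Cacti database
MYSQL_OPTS_FILE="$HOME/.cacti-collector.cnf"  # chmod 600; holds [client] user= and password=

# count_tcp_established [FILE]: IPv4 sockets in state 01 (ESTABLISHED).
# FILE is in /proc/net/tcp format; "-" reads standard input.
count_tcp_established() {
    awk 'NR > 1 && $4 == "01" { n++ } END { print n + 0 }' "${1:-/proc/net/tcp}"
}

# count_udp_sockets [FILE]: every IPv4 socket listed (UDP has no connection state).
count_udp_sockets() {
    awk 'NR > 1 { n++ } END { print n + 0 }' "${1:-/proc/net/udp}"
}

# build_insert TCP_COUNT UDP_COUNT: print the SQL statement, refusing anything
# that is not a plain non-negative integer so no stray text reaches the database.
build_insert() {
    for n in "$1" "$2"; do
        case $n in
            ''|*[!0-9]*) echo "refusing non-numeric count: '$n'" >&2; return 1 ;;
        esac
    done
    printf 'INSERT INTO TCPUDP (DATE, TCP, UDP) VALUES (NOW(), %s, %s);\n' "$1" "$2"
}

# store_measurement: what the cron job calls. The password comes from the option
# file, so it never shows up in the crontab or in the process list.
store_measurement() {
    build_insert "$(count_tcp_established)" "$(count_udp_sockets)" |
        mysql --defaults-extra-file="$MYSQL_OPTS_FILE" "$CACTI_DB"
}

# Constructed samples in /proc/net format (not taken from a real host).
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 15632
   1: 0F02000A:0016 0202000A:F52D 01 00000000:00000000 02:000A7E0C 00000000     0        0 20114
   2: 0F02000A:C350 0A0000C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 23051
   3: 0F02000A:D431 0A0000C0:0050 06 00000000:00000000 03:00000A2B 00000000     0        0 0
EOF
}
sample_proc_net_udp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11840
   1: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 12077
   2: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000   110        0 13321
EOF
}

build_insert "$(sample_proc_net_tcp | count_tcp_established -)" \
             "$(sample_proc_net_udp | count_udp_sockets -)"
```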



Do the required steps 

It’s considered a good practice to perform 
some actions before continuing with plugin 
installation and development. You should create 
/usr/local/share/cacti/plugins and move all contents 
from /usr/share/cacti/site/plugins there. Then you 
should remove /usr/share/cacti/site/plugins, which 
should be empty after the execution of the mv 
command. The last step is creating three soft links. 





Use the Plugin Management menu 

The Plugin Management menu is where all 
plugin actions take place. 

After a successful installation of a plugin, a new 
tab will appear next to the Console and Graph tabs 
with the name of the new plugin. You should install 
and test your plugins one by one, because a broken 
plugin can break the whole Plugin Management 
menu. This fact is useful when developing new 
plugins because it allows you to detect critical errors 
in code in the early stages of the process. 





Install or remove an existing plugin 

Before installing an existing plugin, you 
should first download it. Once downloaded, you 
will be able to install the plugin by putting the files 
into the plugin directory. It will then automatically 
appear on the Plugin Management menu. Next, 
press the Install Plugin option on the Actions 
column. To use it, you must also press the Enable 
Plugin button that will appear next. There is also an 
Uninstall Plugin button that you should use in case 
you want to remove a plugin at a later point. After 
disabling, go to the plugins directory and remove 
the plugin directory manually. 



Create a new plugin 

For a plugin to work properly, two files 
with given filenames are needed - setup.php 
and index.php. A plugin may contain more files 
but without these two, it cannot work. Cacti 
detects a plugin if it finds a setup.php file inside 


its directory. There should only be functions inside 
the setup.php file, therefore don’t enter any code 
that runs automatically. The best way to learn new 
techniques and improve your own plugins is by 
reading the code of existing plugins. 

Develop the plugin 

The root directory holds the files and the 
name of the plugin will be ‘connections’. Note that 
the plugin name must always be in lower case. It 
is mandatory for the setup.php file to implement 
particular functions to work. For the connections 
plugin, the required functions to use are: 
plugin_connections_install, plugin_connections_uninstall, 
plugin_connections_version and 
plugin_connections_check_config. You will also need a 
function named connections_version(). The best 
way to find errors or missing functions is to look at 
the log files of your web server. For example, the 
connections_version() function can be found in the 
following error message: 

[Sat Dec 06 20:19:52.065906 2014] [:error] 
[pid 2359] [client 10.0.2.2:62765] PHP 
Fatal error: Call to undefined function 
connections_version() in 
/usr/share/cacti/site/plugins.php on line 
303, referer: http://mbl3:3023/cacti/settings.php. 
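
A pre-install check that catches the error above before Cacti does, as an added example that is not part of Cacti or of the article's plugin: it verifies the rules from the last two steps (lower-case name, setup.php and index.php present, the five required functions defined). The function name check_cacti_plugin and the sample plugin files are constructed here.

```shell
#!/bin/sh
# Added example: check a Cacti plugin directory against the rules in this tutorial.
LC_ALL=C; export LC_ALL        # keep [A-Z] ASCII-only

# check_cacti_plugin DIR: print one line per problem; succeed only if there are none.
check_cacti_plugin() (
    dir=${1%/}
    name=$(basename "$dir")
    problems=0
    report() { echo "$name: $1"; problems=$((problems + 1)); }

    # The plugin name (its directory name) must always be in lower case.
    case $name in
        *[A-Z]*) report "plugin name must be lower case" ;;
    esac

    # Two files with fixed names are needed for a plugin to work.
    for f in setup.php index.php; do
        [ -f "$dir/$f" ] || report "missing $f"
    done

    # setup.php must define the four plugin_<name>_* functions and <name>_version().
    if [ -f "$dir/setup.php" ]; then
        for fn in "plugin_${name}_install" "plugin_${name}_uninstall" \
                  "plugin_${name}_version" "plugin_${name}_check_config" \
                  "${name}_version"; do
            grep -Eq "^[[:space:]]*function[[:space:]]+${fn}[[:space:]]*\(" \
                "$dir/setup.php" || report "setup.php does not define ${fn}()"
        done
    fi

    [ "$problems" -eq 0 ]
)

# Demo on a constructed plugin that reproduces the logged error: connections_version()
# is called but never defined, and index.php has not been created yet.
demo() (
    base=$(mktemp -d)
    mkdir "$base/connections"
    cat > "$base/connections/setup.php" <<'EOF'
<?php
function plugin_connections_install() { }
function plugin_connections_uninstall() { }
function plugin_connections_version() { return connections_version(); }
function plugin_connections_check_config() { return true; }
EOF
    check_cacti_plugin "$base/connections" || true
    rm -rf "$base"
)
demo
```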


Finish the connections plugin 

After you finish with the basic setup, the 
plugin is at a working state and has the minimum 
number of files and functions. At this point, it 
doesn’t return any interesting data but just prints 
the current time and date. Additionally, it is not 
properly integrated into Cacti’s user interface. If you 
press the tab it will show the current time and date, 
but you will be out of the Cacti environment! Don’t 
worry though, as this will be fixed later. 

Get real data 

It’s time for the plugin to read a table from 
the Cacti MySQL database, get the desired data 
and then print it onscreen using a separate tab. 
The PHP code will execute a simple SELECT SQL 
statement to get all data from the TCPUDP table. It 
will then format the data and present it onscreen. 
It’s important to remember that you can do 
anything you want with your data. You can display 
values that are bigger than a given threshold, put 
colour in the output, and more. 

Work with the MySQL database 

The Cacti database is directly available to 
your PHP code so you don’t have to do anything else 
in order to use it. The connections plugin reads data 
from a MySQL database using the following code: 

$data = db_fetch_assoc("SELECT * FROM TCPUDP ORDER BY DATE DESC"); 

All data from the TCPUDP table is stored in the 
$data variable. With the help of this, it is printed on 
screen. Being able to work with the Cacti database 
efficiently is imperative because you can read all 
the data that Cacti automatically stores there. 


“The Admin user is automatically 
granted permission to use every 
new plugin” 


Use important functions 

The simple plugin_connections_install() 
function does not contain too much code, but it 
is the most important function of the plugin. To 
understand how a plugin works, you should first 
look at its install() function. It is populated with 
api_plugin_register_hook() and api_plugin_register_realm() 
function calls. The api_plugin_register_hook() 
function is called as follows: 

api_plugin_register_hook('connections', 
'top_header_tabs', 'connections_show_tab', 
'setup.php'); 

The first parameter is the name of the plugin, the 
second parameter is the name of the hook you want 
to register, the third parameter is the name of the 
function you want to call when the hook is triggered 
and the fourth parameter is the name of the file 
that contains the preceding function. 


More details about the plugin code 

The general_header.php file integrates 
your plugin into Cacti, so when you press the 
Connections tab you will still be inside the 
environment of Cacti. It is a standard file that you 
can copy from another plugin. To use it, put the 
following code inside the connections.php file: 


include_once('./plugins/connections/general_header.php'); 


The connections_check_upgrade() function 
doesn’t currently do anything useful. Check the 
implementation of the upgrade() function from 
other plugins to find out more. 


Work with hooks 

To display your plugin using a separate tab, 
implement these two hooks. Both of them usually 
point to the same PHP function. The top_header_tabs 
hook enables you to display your own tab along 
with an image when you’re in the console view, 
whereas the top_graph_header_tabs hook allows 
you to add tabs to Cacti’s user interface. To use the 
plugin when you aren’t in console view, register a 
realm in your setup.php file as follows: 

api_plugin_register_realm('connections', 
'connections.php', 'TCP/UDP Connections', 
1); 

The Admin user is automatically granted 
permission to use every new plugin. Even if the 
administrator is the only one that uses your plugin, 
you still need to register a realm for it. If you install 
the plugin without a realm then the tab simply won’t 
appear in Cacti’s user interface. Note that if you 
insert the realm in your PHP code while the plugin 
is active, you will need to uninstall and reinstall the 
plugin for the realm to take effect. 
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■ Cacti’s Preview view shows all monitoring graphs and is an easy way to get a general overview of what you monitor 


Monitor network traffic 
with Cacti 


Advisor 



Mihalis Tsoukalos is 

a UNIX system administrator 
also proficient in programming, 
databases and mathematics. He 
has been using Linux since 1993 


Resources 

Cacti: http://cacti.net 
RRDTool: http://oss.oetiker.ch/rrdtool 
Cisco MIBS: http://bit.ly/1vTeQYA 
SNMP RFCs: http://bit.ly/1yv7QUe 


Learn how to install and configure Cacti 
in order to watch the traffic of a Cisco 
ADSL router using SNMP 


Cacti is an open source network graphing 
application that uses RRDTool - a data 
logging and graphing system for time 
series data. A router, by default, connects 
two different networks, and therefore it should have 
at least two distinct network interfaces. This article 
will use a Cisco 877W ADSL router that uses three 
interfaces: one for the ADSL connection, one RJ45 
Ethernet port and a Wi-Fi connection. What you want 
to monitor is the ADSL connection. Don’t worry - you 
do not need to use the ADSL interface 
to get the desired data; SNMP can ask any one of 
the three interfaces and get the same ADSL-related 
monitoring data! 

Our previous tutorial about MRTG in issue 145 of 
LU&D used the ADSL interface whereas this tutorial 
will use the IP of the Wi-Fi interface. Using a different 
IP address or interface makes no difference. Cacti 
has many more capabilities including support 
for plugins that enable developers to generate 
additional Cacti features without dealing with Cacti’s 
source code. A forthcoming article will show you how 
to develop a Cacti plugin, but for now we’ll focus on 
installation and configuration. 
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m Get Cacti 

On an Ubuntu system you ca 
by running the following command: 

# apt-get install cacti 


This command will automatically install 
RRDTool as well as other required packages. 
Cacti installs its files at /usr/share/cacti/. 

As Cacti is actually a group of PHP scripts 
and a database working together and creating 
a monitoring site, multiple devices can be easily 
monitored using a centralised site. 

02 Installation steps

Installing Cacti is far more difficult than
MRTG because Cacti uses a database to save its 
data instead of plain text files. Cacti uses PHP so 
your Apache configuration should also support 
PHP. So, you should have MySQL up and running 
as well as Apache with PHP support before 
continuing with the installation of Cacti. 

The power that Cacti offers does come at a 
price that you will only have to pay the first time 
you install it. 

03 Pre-installation actions

You should have root privileges in order to set up Cacti on your Linux machine. You should also know the SNMP-related information of the Cisco router. If the ADSL router is not properly configured to support SNMP, you will also need to have administrative privileges on it and set up SNMP yourself.

The Linux machine must also run MySQL. Although it is not necessary, it is very convenient to have a separate MySQL database to store all Cacti-related data.



04 MySQL Setup

Cacti needs a database in order to work and store its data. The default option is the very popular MySQL database. For the purposes of this article, the name of the MySQL user will be ‘cacti’ and the password will be ‘cactipass’. It is good to use a separate database to store all Cacti-related data; it will be called ‘cactiDB’.

You should manually edit the /etc/cacti/debian.conf file and put in the correct database data. This file replaces the include/config.php file that is usually found in Cacti source files.


05 Apache Setup

The Cacti site will be at the /cacti/ URL as defined in the (default) /etc/apache2/conf-available/cacti.conf file. You will also need to install and turn on PHP support. First install the libapache2-mod-php5 package, then enable the php5 Apache module; on an Ubuntu system, this module is automatically enabled after installation. Otherwise, you will have to either run a2enmod or enable the module manually by editing the Apache config files and restarting.

06 Start Cacti installation

The next step is very important. Before doing anything else you should import the Cacti database data inside the MySQL database. On an Ubuntu Linux System, this can be done with the following command:

    $ cat /usr/share/doc/cacti/cacti.sql | mysql -u cacti -p cactiDB

Without this step, the installation will fail and you are going to get no data from Cacti!

In order to start the installation process, you should now point your favourite browser at the /cacti/ URL. We will use the http://mb13:3023/cacti/ URL but yours will vary.

07 Finish the installation

Two more simple steps will be required that should present little to no difficulty. After finishing all steps, you should log in to Cacti using the admin user. The first thing you will be asked to do is change the default password for the admin user, which is also “admin”. From now on you can use the http://mb13:3023/cacti/index.php URL to connect to your Cacti installation.

08 Check Cisco configuration

SNMP is a known TCP/IP protocol that is available for most ‘clever’ devices, including Linux and other UNIX machines, routers, network switches, Windows machines, etc.

Before you start installing Cacti, you should make sure that the device you are going to monitor is properly configured. Cacti will acquire data from the Cisco router using SNMP, so you should check if SNMP is properly working on the Cisco router.


09 Add the Cisco device

After installing and configuring Cacti, you are ready to add devices and graphs to Cacti. The things that you need to know in advance in order to monitor your Cisco router with Cacti are the name of the SNMP community (LUD) and the name or the IP address of the router (192.168.2.1).

To add the ADSL router, you should first click on Devices on the left. Then select Cisco Router and ‘Enabled’ on Status, and then click Add. Now you will have to fill in the required information that depends on your configuration. It is important to put the correct data in the Hostname and ‘SNMP community’ fields. Then, click Create.

If everything is okay, the next screen will display ‘Create Graphs for this Host’ on the upper-right side of the screen. Click on the ‘Create Graphs for this Host’ link to go to the next screen.

The next screen after this lists all the available Cisco interfaces for this particular router. What interests us right now is Interface number 14 (Dialer1), which is the ADSL Internet connection interface, so make it active. The desired graph type should be ‘In/Out Bits’. Now click the Create button. Other interfaces of interest may be Number 5 (Dot11Radio0), which is Cisco’s Wi-Fi interface and Number 13, which is the Ethernet interface. Now select Graph Trees from the left menu and then click Add. The next screen will allow you to select the device you want to monitor. Follow the instructions on-screen, and you are done!



10 The output generated by Cacti

A script that runs as a cron job updates the output of Cacti - this is automatically configured during installation. You can look at the /etc/cron.d/cacti file for more information about the way Cacti is being executed.

Select the Graphs tab and then, from the Default Tree, select the desired host. You will have to wait a little, until some data is obtained in order for the graphs to be populated.


11 User management

Users in Cacti can be divided into three brief categories: Anonymous, Normal and Administrators. What differentiates these three categories is the way they authenticate and the permissions they have.

You can also add users using the command-line interface of Cacti but using the graphical interface is simpler. You can visit http://www.cacti.net/downloads/docs/html/scripts.html to find more information about Cacti command line scripts.


12 Create and use a new User

Head across to Console > Utilities > User Management. You can see that two users are created by default: admin and guest. Click Add to create a new Normal user called ‘LUD’. Fill in the required information. On the Realm Permissions, turn on the View Graphs checkbox. Now, press Create to create the new user. It is always useful to turn on the ‘User must change password at next login’ option.

After user creation, edit the new user, go to the Graph Permissions tab and add the graphs that you want the user to be allowed to see.

13 Cacti directories

The /var/lib/cacti/rra directory contains all the RRD files that keep your performance data. The /usr/share/cacti/resource directory holds all the XML files responsible for the data queries of Cacti. The /var/log/cacti directory contains all of Cacti's log files - you should visit its files when there are problems with Cacti. The /usr/share/cacti/cli directory holds all the command line scripts.

14 Back up and restore

Although backing up MRTG is a simple copy process, backing up Cacti is more demanding because its data is stored on a database. You can manually back up the MySQL database using the following command:

    $ mysqldump -u cacti -pcactipass cactiDB > cacti.sql

The generated cacti.sql plain text file contains SQL commands that can reconstruct a database from scratch (including its data).

Similarly, you can back up all Cacti configuration files using a simple UNIX script; just make sure that you include all files and directories. If you are not that familiar with MySQL, you should ask your database administrator for help, because backup is a critical task.
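One possible form of the "simple UNIX script" mentioned above, as an added example that is not from the original article. It dumps cactiDB and archives the paths the article names; the option file /root/.cacti-backup.cnf, the target /var/backups/cacti and the function names are assumptions, and the credentials are read from that file so the password is not placed on the command line as it is with -pcactipass.

```shell
#!/bin/sh
# Added example: back up the Cacti database plus the files and directories
# the article names. Every setting can be overridden from the environment.

CACTI_DB="${CACTI_DB:-cactiDB}"
# Assumption: a MySQL option file (hypothetical path) that only its owner can
# read, holding the credentials instead of passing -p<password> on the
# command line, where any local user could read it from the process list:
#   [client]
#   user=cacti
#   password=<the cacti user's password>
CACTI_MYCNF="${CACTI_MYCNF:-/root/.cacti-backup.cnf}"
# Space-separated list; paths containing spaces are not supported here.
CACTI_PATHS="${CACTI_PATHS:-/etc/cacti /var/lib/cacti/rra /usr/share/cacti/resource /etc/cron.d/cacti}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/cacti}"   # hypothetical destination

# True only for a regular file with no group or other permission bits set.
is_private_file() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c1-10)" in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs in a subshell so the umask change does not leak into the caller.
# Prints the backup directory on success.
cacti_backup() (
    if ! is_private_file "$CACTI_MYCNF"; then
        echo "refusing to run: $CACTI_MYCNF must be a file with mode 0600" >&2
        exit 1
    fi
    umask 077   # the dump holds the whole database, Cacti's user table included
    dest="$BACKUP_DIR/$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" || exit 1

    # 1. Database. --defaults-extra-file has to be the first option.
    if ! mysqldump --defaults-extra-file="$CACTI_MYCNF" "$CACTI_DB" \
            > "$dest/cacti.sql.part"; then
        rm -f "$dest/cacti.sql.part"
        echo "mysqldump failed" >&2
        exit 1
    fi
    # mysqldump ends a complete dump with a "-- Dump completed" comment;
    # without it the file is truncated and must not be kept as a backup.
    if ! tail -n 1 "$dest/cacti.sql.part" | grep -q '^-- Dump completed'; then
        rm -f "$dest/cacti.sql.part"
        echo "dump is incomplete" >&2
        exit 1
    fi
    mv "$dest/cacti.sql.part" "$dest/cacti.sql"

    # 2. Files: archive what exists, warn about what does not.
    set --
    for p in $CACTI_PATHS; do
        if [ -e "$p" ]; then
            set -- "$@" "$p"
        else
            echo "warning: $p not found, skipped" >&2
        fi
    done
    [ "$#" -gt 0 ] || { echo "nothing to archive" >&2; exit 1; }
    tar -czf "$dest/cacti-files.tar.gz" "$@" || exit 1

    # 3. Checksums, so a restore can verify both files first.
    ( cd "$dest" && sha256sum cacti.sql cacti-files.tar.gz > SHA256SUMS ) || exit 1
    echo "$dest"
)

# Run only when asked to, e.g.:  sh cacti-backup.sh run
if [ "${1:-}" = "run" ]; then
    cacti_backup
fi
```

Before restoring, run sha256sum -c SHA256SUMS inside the backup directory; the dump goes back in the same way cacti.sql was imported during installation.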

15 Bonus material

The default Cacti installation automatically gathers and displays monitoring data about the current machine (localhost). You can see it by selecting Graphs > Default Tree > Host: Localhost.

16 Final thoughts

Installing Cacti is not as easy as installing MRTG. Nevertheless, Cacti produces a more professional output, supports plugins and multiple users with different privileges. Cacti also supports templates. They are used for simplifying the creation and administration of graphs.

Depending on your needs, you can choose MRTG or Cacti and be assured that either of them will serve you well.
Vagrant makes it easy to provision boxes with any development and deployment setup you need

Hundreds of base images are ready-made and additional software is ready-configured too

You will be in a working virtual box from scratch after just three vagrant commands (init, up and ssh)

Share your Vagrantfile and all your coworkers will have the same development environment on all platforms


Configure virtual boxes with Puppet and Vagrant - part 1

Make it simpler to develop all kinds of server apps and manage the deployment of new servers by using virtual machines


Advisor

Richard Smedley
A Unix jack-of-all-trades, Richard doesn’t spend enough time in any language to get truly proficient, but always has a shell open so learnt scripting by osmosis


Resources 

Ruby ruby-lang.org 
Virtual Box virtualbox.org 
Vagrant vagrantup.com/downloads 


It may not ever be ‘The Year of the Linux Desktop’, but free and open source dominates the boxes where web apps live, so how do we develop for them across a heterogeneous environment? Vagrant holds together VirtualBox or any other virtualisation software - it works with Amazon EC2 and VMware, and can work with containers like Docker and OpenVZ. It can also work with various config tools to make an easy-to-manage, portable development environment.

Its greatest advantage is eliminating differences between development and deployment environments, drastically reducing unnecessary errors. As your needs grow more complex, Vagrant’s close integration with config tools like Puppet will lift the admin burden from your shoulders.

Share the single config file (Vagrantfile) 
with your team, with or without Puppet invocation, 
and everyone will have the same environment on 
any platform. 

Those who are hooked on using the Puppet 
config tool will need no excuse to throw its 
configuration management powers at any 
appropriate problems. We hope we can 
convince the rest of you that it’s worth learning 
in conjunction with Vagrant, but this month we’ll get 
you going with Vagrant alone. First, let’s make sure 
we’re speaking the same language by updating your 
Ruby installation. 
01 Ruby

While Perl and Python are the scripting languages that Linux distros and packages have traditionally depended upon, Ruby is the first choice for much of the DevOps and modern Web dev environment, and it’s Ruby you'll need for Puppet and Vagrant.

    ruby -v

... will tell you what, if any, version of Ruby you have. You'll need at least 2.0 for these tutorials.

There are options like rbenv to maintain multiple versions of Ruby easily on your PC.
02 VirtualBox

If the problem with versions is that you're maintaining a piece of software needing an older version of Ruby, then provisioning a virtual machine to run both that environment and your app is a great reason for following the tutorial.

Now, while you've got the package manager open, install VirtualBox too.

Your distro may have split out several separate packages, like the GUI interface virtualbox-qt. Make sure you get the package with the kernel modules virtualbox-dkms and the headers or source for the kernel you're running, as well as VirtualBox itself.

03 Get the latest

Now for Vagrant we go straight to www.vagrantup.com/downloads - RPMs and Debs are available in 32- and 64-bit flavours, and your browser will probably prompt you to open your package manager when you download.

There's no need to call your package manager - install manually using, for example:

    dpkg -i vagrant_1.6.5_i686.deb

... for the 32-bit package on Ubuntu or other

For other distros, download from GitHub and install with Rake, as outlined in the README on Vagrant creator Mitchell Hashimoto's GitHub page: https://github.com/mitchellh.





04 Cloud-sourced

You'll need an OS image, and there are plenty available both at www.vagrantcloud.com and www.vagrantbox.es. You can search VagrantCloud for specific comma-separated lists of what you need in a setup such as jenkins,centos; wordpress,ubuntu; or rails,debian.

You'll find everything from minimal distros like Tiny Core (good for a quick download to test things out) to specialist, ready-rolled systems like data-science-toolbox/dst. For now, we'll stick to a basic setup of Ubuntu 14.04 - it's available from VagrantCloud in both 32- and 64-bit flavours.


05 Up and away!

Setting up a VirtualBox image from Vagrant is a simple matter of:

    vagrant init ubuntu/trusty64
    vagrant up

... which should download the Ubuntu 14.04 64-bit image from VagrantCloud and start it running. By default, the image should be kept in ~/VirtualBox VMs/ for subsequent use, but you can alter this in VirtualBox's preferences.

On most recent distros, everything should be hunky dory. But errors are not unknown, so we'll take a quick look at the most common problems.
06 Oops!

Problems? It's easy to miss the correct kernel headers during install. Check /proc/version (or run uname -a) to be sure which kernel you're running. Error messages from...

    VBoxManage --version

... may help. On one Debian box, we had to rebuild virtualbox-dkms. For a Fedora test machine, we had to install the kmod-VirtualBox package for our kernel version, then run:

    sudo systemctl restart systemd-modules-load.service

... which fixed the problem. You may find that a restart of your machine is necessary to fix problems.



07 Vagrantfile

When you run vagrant init, you are told:

    A 'Vagrantfile' has been placed in this directory. You are now ready to 'vagrant up' your first virtual environment! Please read the comments in the Vagrantfile as well as documentation on 'vagrantup.com' for more information on using Vagrant.

Vagrantfile is where all of the configuration happens. Initially, everything is commented out save the config.vm.box value of ubuntu/trusty32 or whatever you set at vagrant init.

You can run vagrant init without a value and download the box you want later with the box add command. For example:

    vagrant box add outnorth/debian-7.4RubyRailsDev





... then add it to the config.vm.box directive in 
Vagrantfile. Note that the base image downloaded 
remains unaltered when it is used, so can be shared 
among several projects - each one will have its own 
Vagrantfile in the local directory in which vagrant init 

Whichever box you're running, setting up 
networking will be a necessity - you don't really 
want a website that can only be accessed from a 
local machine! 



08 Port forward

In Vagrantfile, you can set a bridged network if that fits with your VM and hosting setup, but the simplest networking setup is port-forwarding. A port on your virtual box, such as 80, is forwarded to an unused port on your host machine, from where it can be accessed:

    config.vm.network "forwarded_port", guest: 80, host: 8082

This in turn can be forwarded - for example, from Apache on the host machine - and/or matched there to the URL you want.


09 Shell

Changes to Vagrantfile can be applied to a running server with the vagrant reload command. While so much can be configured from outside your running server, vagrant ssh gives you all-important access to the shell inside your virtual box. Tiny Core, shown in the screenshot above, is great for quickly testing VBox, as opposed to using Ubuntu.

Don't forget to exit the ssh session before running any more vagrant commands. vagrant suspend leaves the box a few seconds from readiness via another vagrant up. vagrant destroy removes the virtual machine, but the Vagrantfile enables you to provision another that’s exactly the same.
[Screenshot: Konsole terminal, provisioning output]

    ==> default: Clearing any previously set forwarded ports...
    ==> default: Clearing any previously set network interfaces...
    ==> default: Preparing network interfaces based on configuration...
        default: Adapter 1: nat
    ==> default: Forwarding ports...
        default: 22 => 2222 (adapter 1)
    ==> default: Booting VM...
    ==> default: Waiting for machine to boot. This may take a few minutes...
        default: SSH address: 127.0.0.1:2222
        default: SSH username: vagrant
        default: SSH auth method: private key
        default: Warning: Connection timeout. Retrying...
        default: Warning: Connection timeout. Retrying...
        default: Warning: Connection timeout. Retrying...
        default: Warning: Connection timeout. Retrying...
        default: Warning: Remote connection disconnect. Retrying...
        default: Warning: Remote connection disconnect. Retrying...
        default: Warning: Remote connection disconnect. Retrying...
    ==> default: Machine booted and ready!
    ==> default: Checking for guest additions in VM...
    ==> default: Mounting shared folders...
        default: /vagrant => /home/richard/Dropbox/work/code/vms/lud
    ==> default: Running provisioner: shell...
        default: Running: /tmp/vagrant-shell2O1410Ol-28672-In5arl7.sh
    ==> default: stdin: is not a tty
    ==> default: Ign http://archive.ubuntu.com trusty InRelease
    ==> default: Ign http://archive.ubuntu.com trusty-updates InRelease
    ==> default: Hit http://archive.ubuntu.com trusty Release.gpg
    ==> default: Ign http://security.ubuntu.com trusty-security InRelease
    ==> default: Get:1 http://archive.ubuntu.com trusty-updates Release.gpg [933 B]
    ==> default: Hit http://archive.ubuntu.com trusty Release
    ==> default: Get:2 http://security.ubuntu.com trusty-security Release.gpg [933 B]
    ==> default: Get:3 http://archive.ubuntu.com trusty-updates Release [59.7 kB]




10 Shared files

Changes you make within a running box can be preserved; vagrant halt cleanly shuts down the box and saves disk contents. Added flexibility comes from being able to share files between the host and the virtual box.

By default, the directory from which you init the vagrant box is shared with that box. Take a look at /vagrant from within your ssh session - that Vagrantfile is the same one you were working on before.

More shared directories can be added by uncommenting config.vm.synced_folder in your Vagrantfile.



11 Bootstrap

Next month we're going to use Puppet to provision and maintain our virtual box, but we won't leave you hanging. Here's how to do it without Puppet, to get you going for now.

Create the file bootstrap.sh in the same directory as Vagrantfile. The canonical example (for a Debian or Ubuntu box) is:

    #!/usr/bin/env bash

    # Refresh the package index, then install Apache
    apt-get update
    apt-get install -y apache2
    # Replace Apache's web root with a link to the shared /vagrant directory
    rm -rf /var/www
    ln -fs /vagrant /var/www

Note the linking of the web content to the directory shared outside the VM.


12 Provisions

The bootstrap.sh file is called by adding the following to Vagrantfile:

    config.vm.provision :shell, path: "bootstrap.sh"

... beneath the config.vm.box directive, and then using vagrant up --provision. Or, for an already created machine:

    vagrant reload --provision

You'll see the output of the commands in bootstrap.sh on the terminal; expect a few warning messages but check through for anything unexpected.

Now, experiment with your bootstrap.sh file and perhaps different distro images. Over the page we'll show how as our needs grow more complex, Puppet keeps things maintainable.
Modules enable you to share reusable chunks of Puppet config between projects

The Puppet manifest(s) can be simplified with classes, as a first step to modularity


Configure virtual boxes with 
Puppet and Vagrant - part 2 

Previously, we used Vagrant to make deploying VMs simple. Now 
let’s add Puppet to make complex deployments manageable 


Advisor

Richard Smedley
A Unix jack-of-all-trades, Richard doesn't spend enough time in any language to get truly proficient, but always has a shell open so learnt scripting by osmosis

Resources 

Puppet 

Ruby ruby-lang.org 

Virtual Box virtualbox.org 
Vagrant vagrantup.com/downloads 

Git (optional) git-scm.com


Back a few pages we saw how a 
simple virtual machine (VM) could 
be configured and then deployed 
anywhere simply by sending someone 
your Vagrantfile. We used a short shell script 
(‘bootstrap.sh’) to provision our example 
deployment with Apache. Sequential commands 
in a shell script, however, are not the most robust 
way to set up a VM, as they’re hard to debug and 
to maintain as complexity grows. 

Vagrant will work with other provisioners, including Ansible, Chef and Puppet. Ansible is a fair choice if you’re starting a team afresh as it’s easier to learn than the other two. Chef and Puppet have a steeper learning curve; Puppet and Chef’s documentation can be confusing, so work through our tutorial to get the basics sorted, then head off in whatever provisioning direction your projects need.

Puppet will smooth over differences between 
package names on your CentOS and Debian 
VMs and handle provisioning multiple nodes 
simultaneously. Puppet’s declarative style 
makes it a more natural fit for calling on for 
damage repair, and it handles complexity 
well with classes and modules. Its motto is 
“Automate everything”. 

Puppet is best learned by example, and we’re 
going to be using it in a simple form, so you 
should be able to pick it up as you go along! 
01 Masterful vs masterless

If you’ve used Puppet elsewhere, you’ll be familiar with the Puppet Master. The nodes report to Puppet Master regularly and they provide central control of each node's configuration. It suits many use cases but not the largest cases (where companies with tens of thousands of nodes like PayPal apparently use Cron for the node reporting), nor for cases like ours where the Puppet manifest to provision the VM (one or only a handful of machines) is what we want.

Distribution is taken care of with Vagrant and your own deployment system (like Git or whatever else you use to distribute your development environments around your team). This also avoids problems with firewalls, scaling and the nontrivial matter of configuring the Puppet Master.

02 Repairable

That isn’t to say that you’d never want to run a Puppet Master with Vagrant - it’s just that it isn’t necessary, and in most cases you’ll manage very well without it. The Vagrant docs have a useful section on working with Puppet Master (see Puppet Agent, under the Provisioning section).

Our stand-alone Puppet not only still makes provisioning more reliable across different distros and versions of software, it also makes the running system repairable. Whereas the shell script we used last month can only set up the system when it’s created, Puppet can compare the machine’s actual state with what the manifest tells it should be happening, and repair the VM.
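What "compare the actual state with the desired state, then repair" means in practice, reduced to the /var/www link that bootstrap.sh sets up. This is an added shell sketch, not Puppet's implementation and not code from the article; the function names and the NOOP switch are made up for the illustration.

```shell
#!/bin/sh
# Added illustration of "compare actual state with desired state, then
# repair", applied to the one resource bootstrap.sh manages by hand:
# the /var/www -> /vagrant link.

# Describe what currently sits at a path.
current_state() {
    if [ -L "$1" ]; then
        printf 'link:%s\n' "$(readlink "$1")"
    elif [ -d "$1" ]; then
        echo "directory"
    elif [ -e "$1" ]; then
        echo "file"
    else
        echo "absent"
    fi
}

# ensure_link LINK TARGET
#   in sync          -> prints "in-sync", returns 0, touches nothing
#   drift, NOOP=1    -> prints what differs, returns 2, touches nothing
#   drift otherwise  -> repairs, prints what it found, returns 0
ensure_link() {
    link=$1
    target=$2
    state=$(current_state "$link")

    if [ "$state" = "link:$target" ]; then
        echo "in-sync"
        return 0
    fi
    if [ "${NOOP:-0}" = "1" ]; then
        echo "drift: $link is $state, expected link:$target"
        return 2
    fi

    case "$state" in
        absent) ;;
        link:*) rm -f "$link" || return 1 ;;
        *)  # Unexpected real content: keep it for inspection instead of
            # deleting it the way the script's rm -rf would.
            mv "$link" "$link.drift.$$" || return 1 ;;
    esac
    ln -s "$target" "$link" || return 1
    echo "repaired: $link was $state"
}

# Usage on the box (as root):  ensure_link /var/www /vagrant
```

Run with NOOP=1 from cron, the same function becomes a drift report: a non-zero exit means the web root is no longer what the provisioning said it should be.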




03 Something to declare

Our provisioning shell script w<




    #!/usr/bin/env bash

    apt-get update
    apt-get install -y apache2
    rm -rf /var/www
    ln -fs /vagrant /var/www

It at least provides a reproducible method that can be shared, but it doesn’t travel across platforms. For example, if you want the same services on an Ubuntu and a CentOS server, you'll need scripts with different commands for each installation step.

We’ll start with the Puppet equivalent of that initial install script and build on that, examining the hows and whys as we go.


04 Manifestly made easy

We need to create a directory for manifest files, which tell Puppet how to provision the machine. Traditionally the directory is manifests/, which is in the same place as our Vagrantfile, and in which you’ll refer to it by relative path. Large manifests can be split across files, possibly in a separate scripts directory, but a simple one can fit into the file ‘default.pp’. In a fuller manifest this will just define the node(s) and basic parameters.

In our Vagrantfile we comment out or delete the reference to the shell script we added last issue and instead uncomment the default Puppet options, adding in a --verbose switch to provide a bit more information in case of errors:

    config.vm.provision "puppet" do |puppet|
      puppet.manifests_path = "manifests"
      puppet.manifest_file  = "default.pp"
      puppet.options        = ['--verbose']
    end


05 Require =>

To replace our basic shell provisioner, put the following in manifests/default.pp

    exec { "apt-get update":
      path => "/usr/bin",
    }

    package { "apache2":
      ensure  => present,
      require => Exec["apt-get update"],
    }

    service { "apache2":
      ensure  => "running",
      require => Package["apache2"],
    }

    file { "/var/www":
      ensure => directory,
      owner  => "www-data",
    }
    Notice: Compiled catalog for vagrant-ubuntu-trusty-32.home in environment production in 0.79 seconds
    Notice: /Stage[main]/Apt/Exec[apt-get update]/returns: executed successfully
    Notice: Finished catalog run in 46.64 seconds
    tut@lud > vagrant ssh
    Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-35-generic i686)

     * Documentation:  https://help.ubuntu.com/

      System information as of Fri Oct 17 00:27:55 UTC 2014

      System load:  0.11              Processes:           74
      Usage of /:   2.7% of 39.34GB   Users logged in:     0
      Memory usage: 16%               IP address for eth0: 10.0.2.15
      Swap usage:   0%


06 Manifestly apt

Instead of giving the steps (update the package list, then install Apache), we simply told Puppet that we required Apache to be present:

    package { "apache2":
      ensure => present,
    }

Note that we had...

    require => Exec["apt-get update"],

...to tell Puppet that the system should be updated first. The distros’ repositories usually contain updated (and more secure) versions of software than the ones shipping in release ISOs.

Once you’ve run vagrant up and vagrant ssh, take a look at /var/log/apt/history.log to check it ran, although you'll also see it working from the host by pointing your web browser at http://localhost:8082.


07 Class act

Beyond our simple requirements for packages and services soon get complicated. Organising them into classes makes files more maintainable, as requirements change, and gives you more reusable components for where you have more than one node, such as for web servers, database servers and load balancers.

    Exec { path => [ "/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/" ] }

    class apt {
      exec { 'apt-get update':
        command => 'apt-get update',
      }
    }

    class apache {
      package { "apache2":
        ensure  => present,
        require => Class["apt"],
      }

      service { "apache2":
        ensure  => "running",
        require => Package["apache2"],
      }
    }

    include apache
    include apt

In our earlier manifest, we’d specified a path under the instruction to run apt-get update. Here we separate out the location of binaries to run into a path directive at the start. Everything else we can tidy into classes: we’ve just got apt and Apache for now, but feel free to add your own.


08 Reprovision

vagrant provision reloads the provisioner without rebooting the VM. If you’ve shut it down, vagrant reload --provision (or vagrant up --provision if starting again) makes sure the altered manifest is loaded. And so does this, from within the VM:

    puppet apply /vagrant/manifests/default.pp

Don’t worry about time-outs when you’re loading or reloading vagrant if there are no warnings. You’ll see if it’s all running okay anyway.


09 Clean and tidy

At this point you may want to get rid of all the commented-out code in Vagrantfile which you’re not using and make a copy to keep handy for reference (though the default Vagrantfile is easily found again online). Snip out the unwanted sections on provisioning and networks that you don't need.

Now you can see the entire file in your text editor, it’s easier to add in a few more things. We’ve put:

    config.vm.box_check_update = false

...despite it being not generally recommended. If you’re making several changes to your setup whilst on a slow internet connection, it’s a handy time-saver. But just remember that you will need to comment it out again to bring your box up to date before you do anything important on it.


10 More nodes

Now let’s get back to the Vagrantfile and have a quick look at providing more than one node (VM) from a single configuration. In Vagrantfile, before the provision directive:

    config.vm.define :web do |www|
      www.vm.hostname = "www.example.com"
      www.vm.network :private_network, ip: "192.168.0.170"
      www.vm.network :forwarded_port, guest: 80, host: 8082
    end

    config.vm.define :db do |db|
      db.vm.hostname = "db.example.com"
      db.vm.network :private_network, ip: "192.168.0.171"
    end

This defines two separate VMs - web and db.


11 Modular

Now in the manifest file ‘site.pp’ split out the nodes with something like:

    node "www.example.com" {
      include apache
    }

There’s plenty more to learn to really take advantage of Puppet here. Before we finish with a pointer to further resources, the last step to scaling and better maintainability is Puppet modules. A module groups resources in a directory: an ‘init.pp’ with a single class definition of the same name as the directory and module, plus other manifests as needed, to tidily contain the complexity of configuring resources like Apache.

You'll also need the path in your Vagrantfile:

    puppet.module_path = "puppet/modules"





12 Moving on

We hope the diverse online documentation on Vagrant with Puppet will be more useful now that you have walked through a simple case with us. There’s a lot of power in Puppet provisioning of Vagrant and plenty more tricks to try - such as applying version control. If you share a git repository with your development team, for example, then you have combined backup, version control and distribution.

In addition to the web resources that we’ve pointed to in the last couple of issues, John Arundel’s Puppet 3 Cookbook (bit.ly/1tySg95) has detailed ideas on using Git to scale Puppet and is well worth a look. There’s also a Vagrant cookbook based on the useful Vagrant blogs found at erikaheidi.com, and this book covers all of the provisioners.

Finally, try some ready-rolled VMs with Puppet examples to build upon - search VagrantCloud.com. Or just use PuPHPet.com to generate your manifests for you!
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Build games for Pebble 




Develop for the Pebble smartwatch and play games on the go


Advisor 


Tam Hanna has been in
the IT business since the days
of the Palm IIIc. Serving as
journalist, tutor, speaker and
author of scientific books, he has
seen every aspect of the mobile
market more than once


Under a superficial examination, the
Pebble doesn’t exactly look like an ideal
device for gaming. Its puny 80MHz processor
is paired up with a monochrome e-paper screen,
which not only lacks the ability to display colour
but is also not particularly well suited to frequently
updating content. The Pebble also interacts with its
user via a grand total of four buttons, one of which
cannot be accessed easily by third-party applications.

Paradoxically, the Pebble’s success is directly 
rooted in its utilitarian approach to smartwatch 
design. Using low-powered hardware permits 
the watch to be cheap and cheerful: most of its 
competitors tip the scales far harder and therefore 
last for significantly less time on a single charge. 

In the past, developers have frequently risen to the
challenge of doing almost impossible things. Given
that some gamers have managed to shoehorn a
complete 3D engine into a Commodore 64, creating a
game for one of the world’s favourite smartwatches
seems as though it should be more than doable.

Dong Nguyen's very popular game Flappy Bird 
recycled a simple game concept first seen on Palm 
OS. Originally known as SFCave, the game involves 
you leading an object through a cave where activating 
a booster rocket makes the object rise, while gravity 
makes it fall on its own.

Flappy Bird is primitive when analysed from a 
conceptual point of view, but this is beneficial for 
our cause; getting started with game programming 
becomes much easier if the example at hand does not 
distract you from the actual coding work. 

The first, and most important, concept
is the game loop. GUI-driven
applications spend most of their time gallivanting
around and waiting for user input - as long as the
user does not press a control, nothing has to be done.
Input causes the app to perform more or less complex
computations, after which the results are displayed.

Games find themselves in a less satisfactory 
situation. They are to model the real world, which 
does not provide its subjects such a serene existence. 
Instead, everything is continuous: gravity pulls, 
people chatter and wines age in realtime. 


■ Discretisation transforms the continuous 
function into single-value steps 

The first step to digital bliss involves a process 
called discretisation. This mathematically complex 
process splits real time into a group of slots (see graph 
above), which are then run one after the other. Inside 
each slot, all movements are considered discrete: 
the wine will age by one slot, while a person says a 
letter (or two). 

When the individual steps are small enough, they
cannot be told apart from normal, continuous
motion. In most cases, games will work with a
loop-like structure similar to the one shown above:
each update cycle is followed by one dedicated to
refreshing the screen. The number of screen redraws
per second is often referred to as the frame rate.
Once rates reach more than about 30 frames per
second, users tend to perceive them as continuous.

■ A game loop provides the framework for most
animated visuals

CODING ON THE INTERNET 

Even though Pebble OS is supported by a Linux-based 
software development kit, most developers choose 
to do their work via CloudPebble. It provides a set of 
private repositories and a network-based compiler. 
Remote deployments are enabled via a smartphone 
connected to the Pebble. 

Getting started with CloudPebble requires you 
to visit https://cloudpebble.net/ide with a browser 
of your choice. Proceed to creating an account in 
order to maintain your projects on the server. Your 
Pebble smartwatch must be connected to the Pebble 
Conduit app, which can be downloaded from the 
Google Play Store. 

Once the initial configuration is done, click 
Menu>Settings and enable the developer connection. 
Then, open the menu in order to find the developer 
mode settings and check the Enabled checkbox in 
order to activate the forwarding (if your CloudPebble 
account matches the one used on the phone, the 
connection will be established automatically). 

At the time of writing, developers need to use 
a beta version of the handset app because it only 
runs on Android 4.3 and above; the previously 
possible method of manual IP address entry has 
been disabled. 

Fig 01

void handle_init(void)
{
    my_window = window_create();
    // one full-screen layer that the whole game is drawn into
    myCanvas = layer_create(GRect(0, 0, 144, 168));
    window_stack_push(my_window, true);

    Layer* motherLayer=window_get_root_layer(my_window);
    layer_add_child(motherLayer, myCanvas);

    // updateGame redraws the layer; the timer fires once after 34 ms
    layer_set_update_proc(myCanvas, updateGame);
    app_timer_register(34, timer_handler, NULL);
}

Next, you need to click on the Create button in
order to start the New Project wizard. The Flappy
Tux game is a Pebble C SDK Project based on the
Minimal template. It consists of just the one file
named main.c. Flappy Tux’s default content looks
like the following:

    #include <pebble.h>

    Window *my_window;
    TextLayer *text_layer;

Main.c starts out by including pebble.h - 
this file contains definitions for the various 
operating system functions. We then proceed 
to create two pointers: one of them refers to a 
Window object, whereas the other pointer will address 
a TextLayer. 

Pebble OS contains a layer-driven GUI stack. This 
means that normal applications tend to be made up 
of one or more windows cascaded above one another. 
Each of these window objects can contain one or more 
sublayers, which realise the actual user interface. 

Game developers tend to shy away from the user 
interface resources provided by the OS due to their 
less than stellar performance. In the case of the 
Pebble, games based on multiple BitmapLayers tend 
to be significantly slower than ones based on the 
sprite drawing technique used in our example. 

handle_init and handle_deinit are responsible for
setting up the user interface. It consists of an empty
form containing an also empty label:

    void handle_init(void) {
        my_window = window_create();
        text_layer = text_layer_create(GRect(0, 0, 144, 20));
        window_stack_push(my_window, true);
    }

    void handle_deinit(void) {
        // release the label first, then the window that holds it
        text_layer_destroy(text_layer);
        window_destroy(my_window);
    }

Pebble OS calls the main() function in order to
start an application. main() in turn invokes the
app_event_loop() method, which is responsible for
starting the aforementioned event loop. The invocation
will not return until the program is intended to terminate.
Following on from that, handle_deinit() is invoked:

    int main(void) {
        handle_init();
        app_event_loop();   // blocks until the app is closed
        handle_deinit();
    }

With that, we are ready to deploy our application 
to the smartwatch. Ensure that developer mode is 
enabled in the conduit app, then click the play button 
in the GUI of CloudPebble. An empty window should 
appear on your Pebble after a few seconds worth 
of waiting. 

TICK, TICK, TICK 

Our game will draw itself into a single layer. This
requires us to start a game loop - a process that is
ideally accomplished by changing the content of
handle_init in order to look like the version shown in
the listing in Fig 01.

handle_init now starts out by creating a fullscreen
layer. It is then pushed into the main window in order
to make it appear on the display. Then
layer_set_update_proc assigns an update handler to
the layer.

Most operating systems don’t permit developers to
update the visuals as they please, but rendering can
be made more effective if changes are made only in
response to an event. Our method updateGame() will
be invoked whenever myCanvas needs to be redrawn.

Since timers in Pebble OS are always single-shot,
the timer handler must retrigger itself in order to keep
the loop running. Furthermore, the layer is marked
dirty in order to invoke its redrawing method:

    static void timer_handler(void *context)
    {
        layer_mark_dirty(myCanvas);                    // request a redraw
        app_timer_register(34, timer_handler, NULL);   // re-arm the single-shot timer
    }

Finally, the actual redrawing will take place 
in updateGame. This method is provided with a 
GContext variable which will now point at the layer 
in question: 

    static void updateGame(Layer *layer, GContext *ctx)
    {
    }

ADD SOME PHYSICS 

Our version of Flappy Bird does not have to be full of 
features - we will, for now, be happy if our little Tux 
moves across the screen. This can be accomplished 
by ‘integrating’ the steering input in every pass of the 
game loop: 

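    static void updateGame(Layer *layer, GContext *ctx)
    {
        totalPos+=moves_per_frame;        // position: sum up the speed
        moves_per_frame+=0.04;            // speed: sum up the acceleration
        if(totalPos < 30) totalPos=30;    // keep Tux on the screen
        if(totalPos > 114) totalPos=114;

        flownWay+=1;                      // distance flown so far
    }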

Newtonian physics live by the law of constant 
motion. The position of an object can be determined 
by summing up its speed over time, and speed itself 
can be derived by summing up acceleration. Our 
example does this with two global variables, which are 
furthermore given a sanity check in order to keep Tux 
from falling off the screen. 

SPRITES AND BITMAPS 

Pebble OS provides developers with a group
of graphical primitives that can be used for
drawing lines, rectangles and circles. These
methods can work really well when faced with
simple tasks, especially because creating more
complex visuals by hand imposes a significant
performance penalty due to the complex
mathematics required.

Ready-made elements can be brought on-screen
much faster by using a prerendered bitmap.
Displaying it involves but a few calls to memcpy. Our
graphic artist has created a few ready-made PNG files
for our image.

Click the Add New button next to the Resources
header in order to open the resource adding wizard.
The identifier field must be provided with a string that
makes a valid C constant, which your code will use for
finding the resource in question.

The background image is to be added as a normal 
PNG image. Due to the Pebble’s lack of direct 
support for bitmasks, the character sprites need to 
be uploaded twice: both the ‘black-centric’ and the 
‘white-centric’ versions should be transferred with a 
resource type of “PNG Image with transparency”. This 
leads to a resource structure which is similar to the 
one shown on the left. 

Any embedded resources must be decompressed
before use. We accomplish this in handle_bitmaps,
which is to be invoked from handle_init (Fig 02).

updateGame() must be expanded to include the
drawing code responsible for handling the bitmaps
(Fig 03).

Look carefully at our background tile. You will see 
that the contents of its right-most border now match 
the ones on the left: drawing more than one tile next 
to one another creates a continuous pattern. 

We utilise this by drawing the background in two 
steps. Tile number one is drawn slanted to the left: the 
farther our character moves, the more of it gets drawn 
off-screen. The remaining white space is then filled 
with a second image, which partially overflows off the 
right-hand side of the display. 

Drawing the actual sprite is a bit more involved. 
The calls to set_compositing_mode determine how 
the source image is to be rendered onto the 
underlying canvas. We start out by using Clear, which 
permits us to write the black parts of the Tux figure. 
After that, Or is used in order to paint the white eyes 
and belly of the penguin. 

Compositing is quite a complex affair. You can find
further information in the official documentation
by looking up the term GCompOp at the Pebble
developer site (http://bit.ly/1vseKak).

ADD INTERACTIVITY 

Running the game as it stands will yield a moving 
background and a Tux falling down in a more or 
less naturally accelerated fashion. Take note to 
see that its belly is not transparent thanks to our 
expedient efforts. 
Our Pebble has a total of four buttons.
The back knob on the left-hand side of the
watch closes the currently opened window;
repurposing it requires significant effort, so we
will restrain ourselves to handling pushes of
the middle button. Sadly, handling knob events is
quite a procedure under Pebble OS. Let’s start the
process by creating a configuration provider function,
which will then be invoked from handle_init() (Fig 04).

Its raison d’etre involves informing the 
system about your application's needs in 
relation to keyboard input. Our implementation 
registers interest in the central button, which 
will be routed to the two methods responsible 
for handling the clicking and unclicking of 
the button (Fig 05). 

Our game loop analyses the flag. This information 
is used for determining the acceleration working on 
the penguin: if the button is held down, an imaginary 
booster cancels gravity and furthermore provides a 
slight jolt to the top: 

    static void updateGame(Layer *layer, GContext *ctx)
    {
        totalPos+=moves_per_frame;
        if(myIsClicked)
        {
            moves_per_frame-=0.06;   // booster: cancels gravity and pushes upwards
        }
        else
        {
            moves_per_frame+=0.04;   // gravity only
        }
        // clamping and drawing code as before
    }

CONCLUSION 

It's now time to call it quits for this issue of Linux 
User and Developer. We’ve managed to create the 
beginnings of a Flappy Bird clone, which further 
introduced us to a variety of interesting concepts 
related to game programming. Adding support for 
enemies and walls should be a breeze. 

Things like game loops, sprite handling and basic 
physics are universal. The knowledge gathered here 
can be applied to games running on smartphones and 
PCs - even high-budget game titles such as Call of 
Duty are based on similar paradigms. 

The next article will present an example wall 
implementation. It will then proceed to look at the 
second reason for the tremendous success of the 
Pebble: it can connect itself to the most commonly 
used smartphones and can display the content stored 
on them in a more convenient fashion. 

We will exploit this by creating an Android-based 
conduit app that interacts with our smartwatch game. 



Fig 02

void handle_bitmaps(void)
{
    // decompress every embedded PNG once, at start-up
    myBG=gbitmap_create_with_resource(RESOURCE_ID_BG_SPRITE);
    myCharWhite=gbitmap_create_with_resource(RESOURCE_ID_CHAR_WHT_WHITE);
    myCharBlack=gbitmap_create_with_resource(RESOURCE_ID_CHAR_BLK_BLACK);
    myEnemyWhite=gbitmap_create_with_resource(RESOURCE_ID_WALL_WHT_WHITE);
    myEnemyBlack=gbitmap_create_with_resource(RESOURCE_ID_WALL_BLK_BLACK);
}

Fig 03

static void updateGame(Layer *layer, GContext *ctx)
{
    // background: two copies of the tile, shifted left by the distance flown
    graphics_context_set_compositing_mode(ctx, GCompOpAssign);
    graphics_draw_bitmap_in_rect(ctx, myBG, GRect(-flownWay%144, 0, 144, 159));
    graphics_draw_bitmap_in_rect(ctx, myBG, GRect(144-(flownWay%144), 0, 144, 159));

    // sprite: black parts first, then the white parts on top
    graphics_context_set_compositing_mode(ctx, GCompOpClear);
    graphics_draw_bitmap_in_rect(ctx, myCharBlack, GRect(10, (int)totalPos, 20, 30));
    graphics_context_set_compositing_mode(ctx, GCompOpOr);
    graphics_draw_bitmap_in_rect(ctx, myCharWhite, GRect(10, (int)totalPos, 20, 30));
}

Fig 04

void config_provider(Window *window)
{
    // raw subscription: one handler for press, one for release
    window_raw_click_subscribe(BUTTON_ID_SELECT, sel_click_handler,
        sel_release_handler, NULL);
}

void handle_init(void) {
    my_window = window_create();
    window_set_click_config_provider(my_window, (ClickConfigProvider)
        config_provider);
    // remainder of handle_init as before
}

Fig 05

void sel_click_handler(ClickRecognizerRef recognizer, void *context)
{
    myIsClicked=true;
}

void sel_release_handler(ClickRecognizerRef recognizer, void *context)
{
    myIsClicked=false;
}
Connect your Pebble game with Android

Pebble OS-based smart watches are social creatures. Let’s 
teach Flappy Tux to get in touch with Android smartphones 


Advisor 



Tam Hanna has been in 
the IT business since the days 
of the Palm IIIc. Serving as
journalist, tutor, speaker and 
author of scientific books, he has 
seen every aspect of the mobile 
market more than once 


■ The ‘evil’ wall system draws the obstacles 
based on the player’s position 


The last tutorial showed you how to create a
version of Flappy Bird for your Pebble 
smartwatch. Due to the complexity of the 
code, our game had to make do without a 
wall system: we simply didn’t have enough space to 
go over its implementation. 

Fortunately, this tutorial brings four new pages 
of Tam-generated goodness. In addition to a wall 
system, we will implement a form to display the 
current session’s high score. Finally, a little conduit 
will be hacked up; it will connect Flappy Tux to 
your Android smartphone, opening up all kinds of 
fascinating possibilities for interaction. 

Fine-tuning the difficulty of a game is one of 
the hardest design challenges. Simply increasing 
the speed of everything is easy - modifying the 
environment and/or artificial intelligence leads to 
more satisfying outcomes. 

We use this approach by creating an ‘evil’ 
wall generation algorithm. Whenever a wall 
is created, the current position and speed of 
the player is taken into account. As we can 
compute the ‘maximal’ position which can be 
reached via Newtonian physics, a wall can be 
made higher or lower in order to modify the reaction 
time given. 

GIVE ME... A PREDICTOR 

New walls will appear on the right-hand side
of the screen when the last wall is more than
60 pixels away. This means that the player has
about 60 pixels worth of space in order to climb or
sink. Since we assume a constantly accelerated
motion, the distance travelled can be determined
by the formula s = (0.5 * a * t²) + (v0 * t). ‘v0’
stands for the initial speed, while ‘a’ stands for the
acceleration that is applied. In Pebble C, this can be
implemented as in Fig 01.

getMaxClimb and getMaxDroop differ in that they
return the maximum value valid for rising and for
falling respectively. Raising to the power of two would
involve using mathematical functions, so its value is
determined by transforming the operation into a series
of multiplications: t² becomes t*t (t³ would be t*t*t).
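The following is an added example, not part of the article's code: it compares the closed-form predictor with what the per-frame update in updateGame() actually accumulates (this also covers the physics listing of the first tutorial), and goes one step further by showing what happens to the speed while the position is clamped. The function names are this example's own; the constants 0.04, 0.06, 30 and 114 are taken from the listings.

```c
#include <stdio.h>

/* Per-frame accelerations and clamp limits copied from the article's listings. */
#define GRAVITY   0.04f     /* button released */
#define BOOST   (-0.06f)    /* button held     */
#define POS_MIN   30.0f
#define POS_MAX  114.0f     /* lower edge of the play field */

/* Closed-form predictor, same shape as getMaxDroop()/getMaxClimb(). */
static float predicted_travel(float v0, float a, int t)
{
    return 0.5f * a * t * t + v0 * t;
}

/* What updateGame() does each frame: position first, then speed. */
static float simulated_travel(float v0, float a, int frames)
{
    float pos = 0.0f, v = v0;
    for (int i = 0; i < frames; i++) {
        pos += v;
        v += a;
    }
    return pos;
}

/* Tux rests on the lower clamp for `frames_on_floor` frames, then the
 * button is held. Returns how many boosted frames pass before the
 * position actually leaves the clamp. */
static int frames_until_lift_off(int frames_on_floor)
{
    float pos = POS_MAX, v = 0.0f;
    for (int i = 0; i < frames_on_floor; i++) {
        pos += v;
        v += GRAVITY;                       /* the speed keeps growing ...   */
        if (pos < POS_MIN) pos = POS_MIN;
        if (pos > POS_MAX) pos = POS_MAX;   /* ... only the position is clamped */
    }
    int frames = 0;
    while (pos >= POS_MAX) {
        pos += v;
        v += BOOST;
        if (pos > POS_MAX) pos = POS_MAX;
        frames++;
    }
    return frames;
}

int main(void)
{
    printf("60 frames falling : formula %.1f px, game loop %.1f px\n",
           predicted_travel(0.0f, GRAVITY, 60),
           simulated_travel(0.0f, GRAVITY, 60));
    printf("60 frames boosting: formula %.1f px, game loop %.1f px\n",
           predicted_travel(0.0f, BOOST, 60),
           simulated_travel(0.0f, BOOST, 60));
    printf("lift-off after   0 frames on the floor: %d frames\n",
           frames_until_lift_off(0));
    printf("lift-off after 100 frames on the floor: %d frames\n",
           frames_until_lift_off(100));
    return 0;
}
```

The formula overshoots the loop by a*t/2 because the loop adds the speed before it adds the acceleration. With the 34 ms timer, the last figure corresponds to more than two seconds in which holding the button has no visible effect, which a speed reset inside the clamp would avoid.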


We use these values in order to create new 
walls. Wall positions get updated in the same pass, 
thereby creating an illusion of movement directed 
towards the player character: 

    static void checkWalls(GContext *ctx)
    {
        if(wall1Alive==false && wall2x<60)
        {//Build a wall
            wall1x=140;
            wall1y= wall2y + getMaxDroop(60)/4;
            if(wall1y<20) wall1y=20;      // clamp the wall height
            if(wall1y>100) wall1y=100;
            wall1Alive=true;
        }
        //Second wall omitted
        //Move walls
        wall1x--;
        wall2x--;
        if(wall1x==0) wall1Alive=0;
        if(wall2x==0) wall2Alive=0;
        //The drawing code from Fig 02 follows here

Walls must not be too close to one another. 
We accomplish this via mutual exclusivity: a new 
wall spawns only if the previous one has passed 
across half of the screen. A generous allowance 
is deducted to give the player ample reaction 
time. Furthermore, values are clamped in order to 
prevent the algorithm from going berserk. 

Developers working on real games should offer 
different difficulty values. The actual amount of 
pixels to be subtracted should be determined by 
play testing. Coders working on existing games 
could also resort to analysing the behaviour of their 
current customers. 

Drawing the actual walls is simple. We forego the 
use of sprites and render rectangles instead. You 
are, of course, free to change this if your application 
is to be released commercially (Fig 02). 

graphics_fill_rect is interesting insofar as it
permits the creation of rectangles with rounded
corners. This can be achieved by passing in a
radius in lieu of zero; one or more GCorner flags
can be ORed together in order to select the
affected corners.

STYLISH COLLISIONS 

FlappyTux should display the player’s current high 
score once the game has ended. CloudPebble’s
recently released GUI editor makes creating new 
forms really easy. Click the Add New button next 
to the Source Files section in order to open the 
creation wizard. Set File Type to Window Layout, 
and proceed to creating a new window called 
GameOverView. 

The GUI editor is divided into two parts. Clicking 
control headers in the Toolkit section adds a 
corresponding widget to the form, while the 
properties of the currently selected widget can be 
modified in the aptly-named Properties pane. Add a 
group of controls in order to end up with the layout 
shown in the figure. 

In the next step, proceed to clicking the ruler
symbol on the right-hand side of your screen.
CloudPebble will respond by showing you the
generated code of the form, which will have a
structure similar to Fig 03.

Qt developers will immediately recognise how the
GUI editor works. The parts inside the UI comments
are generated automatically whenever the layout of
the form changes. Your code should confine itself to
the methods outside of the comment - they are not
regenerated as time passes by.

show_gameoverview activates the form for 
display. We can modify it in order to display the 
high and current scores, which are stored in 
global variables: 

    // room for six digits plus the terminating NUL;
    // snprintf truncates anything longer instead of overflowing
    static char buf[] = "123456";
    static char buf1[] = "123456";

    void show_gameoverview(void)
    {
        snprintf(buf, sizeof(buf), "%d", highScore);
        text_layer_set_text(s_high, buf);
        snprintf(buf1, sizeof(buf1), "%d", myScore);
        text_layer_set_text(s_you, buf1);
    }

handle_window_unload gets called when the form
is removed from the screen. It is the ideal place to
resume the game loop with a fresh start (Fig 04).


Fig 01

static float getMaxClimb(int t)
{
    // s = 0.5*a*t*t + v0*t with the booster acceleration
    return 0.5*-0.06*t*t+ moves_per_frame * t;
}

static float getMaxDroop(int t)
{
    // the same formula with gravity only
    return 0.5*0.04*t*t+ moves_per_frame * t;
}



Fig 02

    //Draw wall
    if(wall1Alive)
    {
        graphics_fill_rect(ctx,GRect(wall1x, 0, 10, wall1y), 0, GCornerNone);
    }
    if(wall2Alive)
    {
        graphics_fill_rect(ctx,GRect(wall2x, 159-wall2y+32, 10, wall2y), 0, GCornerNone);
    }
}

Fig 03

// BEGIN AUTO-GENERATED UI CODE; DO NOT MODIFY
static TextLayer *s_you;
static TextLayer *s_high;

static void initialise_ui(void) {
}

static void destroy_ui(void) {
}
// END AUTO-GENERATED UI CODE

static void handle_window_unload(Window* window) {
    destroy_ui();
}

Fig 04

static void handle_window_unload(Window* window) {
    destroy_ui();
    // reset the complete game state, then restart the game loop
    goverFlag=false;
    flownWay=0;
    totalPos=50;
    moves_per_frame=0;
    wall1Alive=wall2Alive=false;
    wall1x=wall1y=wall2x=wall2y=0;
    app_timer_register(34, timer_handler, NULL);
}

Fig 05

static void updateGame(Layer *layer, GContext *ctx)
{
    checkWalls(ctx);
    // the wall overlaps the column in which Tux is drawn
    if(wall1x<30 && wall1x>10 && wall1Alive==true)
    {
        if(totalPos<wall1y)
        {
            goverFlag=true;
            myScore=flownWay;
            if(highScore<myScore)highScore=myScore;
        }
    }
    //Second wall omitted
}

Fig 06

    myConnected = PebbleKit.isWatchConnected(getApplicationContext());
    if(myConnected)
    {
        PebbleKit.startAppOnPebble(getApplicationContext(), PEBBLE_APP_UUID);
        PebbleDictionary data = new PebbleDictionary();
        data.addUint8(0, (byte) 1);
        PebbleKit.sendDataToPebble(getApplicationContext(), PEBBLE_APP_UUID, data);
    }

Fig 07

    Button aButton=(Button) findViewById(R.id.button1);
    aButton.setOnClickListener(new OnClickListener() {
        @Override
        public void onClick(View v)
        {
            if(myConnected)
            {
                PebbleDictionary data = new PebbleDictionary();
                data.addUint8(0, (byte) 2);
                data.addInt16(1, (short)9000);
                PebbleKit.sendDataToPebble(getApplicationContext(), PEBBLE_APP_UUID, data);
            }
        }
    });


With that, the game loop must be updated
one more time. Add the following snippet to the
bottom in order to invoke the checkWalls function.
Collisions with walls are handled by setting the
game-over flag, goverFlag (Fig 05).

Our timer event handler does not preserve the
AppTimer reference returned to it, which makes
cancelling it a bit difficult. We solve this problem by
checking goverFlag in timer_handler:

    void timer_handler(void *context)
    {
        if(goverFlag==false)
        {
            layer_mark_dirty(myCanvas);
            app_timer_register(34, timer_handler, NULL);
        }
        else
        {
            show_gameoverview();
        }
    }

If goverFlag is set to true, no further frames 
are fed into the game engine. Instead, show_ 
gameoverview is invoked in order to show the 
screen of doom. 

ANDROID, AHOY! 

Pebble supports Android and iOS. The Android
SDK is available via a dedicated GitHub repository
located at https://github.com/pebble/pebble-android-sdk/releases.
We will use version 2.6
in the following steps, so simply click the link
bearing its number to get it. Extract the archive
and import the AndroidManifest file into Eclipse via
Import>Android>Existing code. The SDK will show
up as a project called main. Open the Properties
dialog and navigate to the Android subsection: the
checkbox “Is Library” must be enabled. Finally, drag
and drop the contents of the java folder into src.

In the next step, the actual application is to be 
right-clicked. Open the Properties dialog and select 
the Android subsection. Click the Add button in the 
Library area. Eclipse will display a popup permitting 
you to select the “main” library created in the 
preceding step. 

Pebble applications are identified via their 
globally unique UUID. Find yours in the Settings tab, 
and simplify access by creating a constant in your 
MainActivity: 

    public class MainActivity extends ActionBarActivity {
        private final static UUID PEBBLE_APP_UUID =
            UUID.fromString("56f93cf8-1ab7-48c0-9859-d3c2f631c1db");
        // rest of the activity follows
    }

Pebble applications communicate with their 
companion applications via so-called dictionaries. 
A dictionary is best described as a key-value 
store - pass in an ID in order to retrieve the value 
associated with it. 

For simplicity’s sake, our Android conduit
consists of one method. onCreate starts by trying
to find if a Pebble is currently connected to the
smartphone. If that is the case, our application is
brought to the foreground (Fig 06). A button must be
pressed in order to transmit an artificial high score
to the watch. Its implementation is interesting,
mainly due to the way the OnClickListener is
declared (Fig 07).

Both methods create an empty PebbleDictionary, 
which is then populated with one or more values. 
The individual tuples don’t need to be stored in 
ascending order - a dictionary consisting of the 
values 1 and 50 would be perfectly legal. 

Receiving information is a bit more difficult due
to the way the interaction between watch and app
is configured. PebbleKit is but a thin wrapper which
fires intents into the driver, thereby saving your
application from needing Bluetooth permissions.
Harvesting data requires the use of a handler class.
Our example combines this with a thread dispatch,
which permits you to update the UI (Fig 08).

Pebble applications communicating via
AppMessage should declare a total of four event
handlers in main(). app_message_open informs
the operating system about the “chattivity” of
your app, and furthermore permits you to specify
the maximum size of incoming and outgoing
dictionaries (Fig 09).

Space constraints force us to omit an
explanation of the dropped/failed/sent handlers
- their fairly primitive code can be seen in the
example code on FileSilo.co.uk.
inbox_received_callback is more interesting due to a
unique constraint of Pebble OS - developers cannot
provide a dictionary instance with an ID in order to
receive the value in question. Instead, all tuples
must be parsed one after another using a method
like the one shown in Fig 10.

Finally, the current highscore is sent to the 
smartphone via the timer_handler function. 
app_message_outbox_begin opens the outbox 
dictionary, which is then populated with the user 
data. app_message_outbox_send transmits 
the data to the smartphone, where it should be 
acknowledged by the client application: 

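    void timer_handler(void *context)
    {
        if(goverFlag==false)
        {
            // unchanged: mark the layer dirty and re-register the timer
        }
        else
        {
            DictionaryIterator *iter;
            // only write to the outbox if the OS handed us an iterator
            if(app_message_outbox_begin(&iter) == APP_MSG_OK)
            {
                // key 0 carries the high score; the cast keeps only 16 bits
                dict_write_int16(iter, 0, (int16_t)highScore);
                dict_write_end(iter);
                app_message_outbox_send();
            }
            show_gameoverview();
        }
    }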

LEARN SOME MORE 

Pebble OS is really not that difficult to work with; 
even after spending just a little time with it, you 
should find it easy to use. Developers who are 
used to classic PDA and smartphone OSs tend to 
be impressed by the simplicity of the API. Sadly, 
this does not mean that two tutorials of four pages 
each can cover the entirety of the features that are 
available to developers. Our treatment of the GUI 
stack is necessarily quite introductory. 

However, Pebble itself has recently worked over
its developer documentation. Open
developer.getpebble.com/ in your browser of choice in
order to start learning more about what you can do;
content found in Guides tends to provide more
detailed information on specific topics, while the
syntax and parameter roles of individual functions
can be studied by selecting Documentation.


Fig 08

    final Handler handler = new Handler();
    PebbleKit.registerReceivedDataHandler(this, new PebbleKit.PebbleDataReceiver(PEBBLE_APP_UUID) {
        @Override
        public void receiveData(final Context context, final int transactionId, final PebbleDictionary data)
        {
            // hand the UI update over to the main thread
            handler.post(new Runnable() {
                @Override
                public void run() {
                    TextView myView=(TextView)findViewById(R.id.textView1);
                    myView.setText(String.valueOf(data.getInteger(0)));
                }
            });
            // acknowledge the message so the watch does not report a failure
            PebbleKit.sendAckToPebble(getApplicationContext(), transactionId);
        }
    });
}



Fig 09

int main(void) {
    handle_init();
    app_message_register_inbox_received(inbox_received_callback);
    app_message_register_inbox_dropped(inbox_dropped_callback);
    app_message_register_outbox_failed(outbox_failed_callback);
    app_message_register_outbox_sent(outbox_sent_callback);
    app_message_open(app_message_inbox_size_maximum(), app_message_outbox_size_maximum());
    app_event_loop();
    handle_deinit();
}

Fig 10

static void inbox_received_callback(DictionaryIterator *iterator, void *context)
{
    // walk every tuple in the incoming dictionary
    Tuple *t = dict_read_first(iterator);
    while(t != NULL)
    {
        switch (t->key)
        {
            case 1:   // key 1 carries the high score sent by the phone
                highScore = (int)t->value->int16;
                break;
        }
        // Get next pair, if any
        t = dict_read_next(iterator);
    }
}
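Fig 10 trusts whatever arrives under key 1 to be a 16-bit integer. The following added example (not the article's code and not the SDK's API) walks a received message tuple by tuple in the same way, but checks bounds, type and length before it touches a value. It assumes a simplified record layout, described in the first comment, so that it compiles without pebble.h; every name in it and the sample messages are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ASSUMED layout for this example only (a stand-in for a serialized
 * dictionary, not taken from the article):
 *   message = count:u8, then `count` records
 *   record  = key:u32 LE, type:u8, length:u16 LE, value[length]        */
enum ex_type   { EX_BYTES = 0, EX_CSTRING = 1, EX_UINT = 2, EX_INT = 3 };
enum ex_result { EX_OK = 0, EX_MALFORMED = -1, EX_BAD_FIELD = -2, EX_MISSING = -3 };

#define KEY_HIGHSCORE 1u   /* the Android side writes addInt16(1, ...) */
#define HEADER_LEN    7u   /* key + type + length */

static uint16_t rd_u16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd_u32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Visit every record; accept the score only as a non-negative 2-byte integer. */
static int parse_highscore(const uint8_t *buf, size_t len, int *score_out)
{
    if (len < 1) return EX_MALFORMED;
    size_t off = 1;                                   /* invariant: off <= len */
    int found = 0;
    for (uint8_t i = 0; i < buf[0]; i++) {
        if (len - off < HEADER_LEN) return EX_MALFORMED;   /* count lies or header cut */
        uint32_t key  = rd_u32(buf + off);
        uint8_t  type = buf[off + 4];
        uint16_t vlen = rd_u16(buf + off + 5);
        off += HEADER_LEN;
        if (len - off < vlen) return EX_MALFORMED;          /* value runs past the end */
        if (key == KEY_HIGHSCORE) {
            if (type != EX_INT || vlen != 2) return EX_BAD_FIELD;
            int16_t v = (int16_t)rd_u16(buf + off);
            if (v < 0) return EX_BAD_FIELD;                 /* a score is never negative */
            *score_out = v;
            found = 1;
        }
        off += vlen;                                        /* unknown keys are skipped */
    }
    return found ? EX_OK : EX_MISSING;
}

/* Convenience wrapper: the score on success, a negative ex_result otherwise. */
static int score_or_error(const uint8_t *buf, size_t len)
{
    int score = 0;
    int rc = parse_highscore(buf, len, &score);
    return rc == EX_OK ? score : rc;
}

/* Constructed sample messages. */
static const uint8_t MSG_VALID[]      = { 2, 0,0,0,0, EX_UINT, 1,0, 2,
                                             1,0,0,0, EX_INT,  2,0, 0x28,0x23 };
static const uint8_t MSG_WRONG_TYPE[] = { 1, 1,0,0,0, EX_CSTRING, 2,0, '9', 0 };
static const uint8_t MSG_TRUNCATED[]  = { 1, 1,0,0,0, EX_INT, 2,0, 0x28 };
static const uint8_t MSG_NEGATIVE[]   = { 1, 1,0,0,0, EX_INT, 2,0, 0xff,0xff };
static const uint8_t MSG_BAD_COUNT[]  = { 2, 1,0,0,0, EX_INT, 2,0, 0x28,0x23 };
static const uint8_t MSG_NO_SCORE[]   = { 1, 0,0,0,0, EX_UINT, 1,0, 1 };

int main(void)
{
    printf("valid      -> %d\n", score_or_error(MSG_VALID, sizeof MSG_VALID));
    printf("wrong type -> %d\n", score_or_error(MSG_WRONG_TYPE, sizeof MSG_WRONG_TYPE));
    printf("truncated  -> %d\n", score_or_error(MSG_TRUNCATED, sizeof MSG_TRUNCATED));
    printf("negative   -> %d\n", score_or_error(MSG_NEGATIVE, sizeof MSG_NEGATIVE));
    printf("bad count  -> %d\n", score_or_error(MSG_BAD_COUNT, sizeof MSG_BAD_COUNT));
    printf("no score   -> %d\n", score_or_error(MSG_NO_SCORE, sizeof MSG_NO_SCORE));
    return 0;
}
```

In the watch app the same two checks map onto the type and length fields of each Tuple before value->int16 is read.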
Create your own VPN server

Dial into your own network from anywhere to access your files
and browse the Internet freely



Advisor 

Rob Zwetsloot models
complex systems and is a web
developer proficient in Python,
Django and PHP. He loves to
experiment with computing

Resources 

OpenVPN openvpn.net 


The use of VPNs is actually quite common
around the world for a number of different
reasons. Companies do it to enable their
employees to dial into their office network
and access relevant files and software. Individuals do
it to dial into their own personal network for much the
same reason, as well as being able to then use their
own Internet connection to access online material
that may be restricted if they happen to be using a
hotel’s Internet, for example.

In this tutorial, we are going to show you how to 
set up your own VPN server within your own network 
using the excellent OpenVPN software. As long as 
you have a system that you can keep up for 24 hours 
a day, this will be very useful for you. We are doing this
tutorial on Ubuntu 14.04, but it will be easy to modify 


Initial setup

We’re doing this on an Ubuntu machine,
but everything we do will be translatable to other
systems and servers. On your soon-to-be VPN
server, you need to start by installing software with:

| $ sudo apt-get install openvpn easy-rsa

Once that’s done we need to get the example setup
for us to work from and modify. The output is piped
through sudo tee because a plain > redirect would be
opened by your own shell, without root privileges:

| $ gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf > /dev/null
Edit the config

We’re going to be editing the config file
example we just made, so open it first in nano (sudo
nano /etc/openvpn/server.conf). Then change the
following line:

| 'dh dh1024.pem' to 'dh dh2048.pem'


“We’re doing this on an Ubuntu
machine, but everything we do will
be translatable to other systems”


Remove the comment (;) from ;push "redirect-gateway
def1 bypass-dhcp". Uncomment the lines
below:

| ;push "dhcp-option DNS 208.67.222.222"
| ;push "dhcp-option DNS 208.67.220.220"

... and finally, also uncomment the following two lines
before saving and exiting:

| ;user nobody
| ;group nogroup

Forward client internet 

We can now edit sysctl to forward the
packets from the computer that we are connecting
from. We can do this by running the following
command:

| # echo 1 > /proc/sys/net/ipv4/ip_forward

We then need to edit the file sysctl.conf, so open it
up in nano from the location /etc/sysctl.conf. Once
open, we need to edit the line below:

| #net.ipv4.ip_forward=1

... and remove the comment (#) so it looks like:

| net.ipv4.ip_forward=1

Then save and exit.

An uncomplicated firewall

Uncomplicated firewall, or ufw, is installed
by default in Ubuntu from 14.04 onwards and is as
uncomplicated as its name suggests. We’re going
to allow OpenVPN to connect to and through it using
the following two commands:

| # ufw allow ssh
| # ufw allow 1194/udp

Once those rules have been written, open up the
ufw config file with nano at /etc/default/ufw and
change DROP to ACCEPT in the following line:

| DEFAULT_FORWARD_POLICY="DROP"


Possible clients

You can also use OpenVPN to connect to
the VPN server, which is a lot easier on
Linux systems than some others as it
is usually fairly quick to set up once the
server is done. Remember that you will
always need to create a profile and key for
each client.


Make the rules

We need to make some new rules for the way
the network address is translated and the way IP is
masqueraded. To do this, we need to open up
before.rules using nano at the location /etc/ufw/before.rules,
and then add the following after the first paragraph:

| # START OPENVPN RULES
| # NAT table rules
| *nat
| :POSTROUTING ACCEPT [0:0]
| # Allow traffic from OpenVPN client to eth0
| -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
| COMMIT
| # END OPENVPN RULES


Enable the firewall

Once you’ve saved these new settings
you can finally enable ufw for use. To do this in the
terminal you’ll want to type:

| # ufw enable

It will ask you if you really want to enable ufw, to
which you can type y to confirm. It will inherit all of
the settings we’ve just modified and added, which
will ultimately enable us to reroute traffic from a
client system.


Create new keys

If you want to keep creating keys for
different clients then you can just repeat
Step 15 and give a different name to the
client. Try to keep the names different so
that you won’t get any clashes occurring
within the system.


Check the firewall status 

You can check the status of the firewall using
ufw status at any time - it will let you know whether 
it's on or not and what rules and actions are currently 
being taken on certain ports. It only shows what the 
ports are doing when on, though. 
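
ufw status reports only on the firewall. The script below is an added example, not part of the original article: it re-checks the edits made to server.conf, sysctl.conf, /etc/default/ufw and before.rules in the steps above. The function names, the optional root-directory argument and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article. Checks the files edited in the
# config, sysctl and ufw steps. Pass a root directory to audit a copy.

# active FILE ERE: true if FILE has a non-commented line starting with ERE
active() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*$2" "$1"
}

# check DESCRIPTION FILE ERE: print the result and count a failure
check() {
    if active "$2" "$3"; then
        echo "ok    $1"
    else
        echo "FAIL  $1 ($2)"
        audit_failures=$((audit_failures + 1))
    fi
}

# audit_vpn_server [ROOT]: returns the number of failed checks
audit_vpn_server() {
    audit_root=${1:-}
    audit_failures=0
    conf=$audit_root/etc/openvpn/server.conf
    check '2048-bit DH parameters'      "$conf" 'dh[[:space:]]+dh2048\.pem'
    check 'drops to user nobody'        "$conf" 'user[[:space:]]+nobody'
    check 'drops to group nogroup'      "$conf" 'group[[:space:]]+nogroup'
    check 'clients route via the VPN'   "$conf" 'push[[:space:]]+"redirect-gateway def1 bypass-dhcp"'
    check 'clients get a DNS server'    "$conf" 'push[[:space:]]+"dhcp-option DNS [0-9.]+"'
    check 'IPv4 forwarding persists'    "$audit_root/etc/sysctl.conf" \
        'net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'
    check 'ufw forwards packets'        "$audit_root/etc/default/ufw" \
        'DEFAULT_FORWARD_POLICY="ACCEPT"'
    check 'NAT masquerade rule present' "$audit_root/etc/ufw/before.rules" \
        '-A POSTROUTING .*-j MASQUERADE'
    return "$audit_failures"
}

# write_sample_tree DIR MODE: constructed input. MODE "stock" leaves the
# directives as the article finds them, "edited" applies its changes.
write_sample_tree() {
    mkdir -p "$1/etc/openvpn" "$1/etc/default" "$1/etc/ufw"
    if [ "$2" = edited ]; then
        c=''; dh=dh2048.pem; s=''; policy=ACCEPT
    else
        c=';'; dh=dh1024.pem; s='#'; policy=DROP
    fi
    cat > "$1/etc/openvpn/server.conf" <<EOF
dh $dh
${c}push "redirect-gateway def1 bypass-dhcp"
${c}push "dhcp-option DNS 208.67.222.222"
${c}push "dhcp-option DNS 208.67.220.220"
${c}user nobody
${c}group nogroup
EOF
    echo "${s}net.ipv4.ip_forward=1" > "$1/etc/sysctl.conf"
    echo "DEFAULT_FORWARD_POLICY=\"$policy\"" > "$1/etc/default/ufw"
    : > "$1/etc/ufw/before.rules"
    if [ "$2" = edited ]; then
        printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
            '-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE' 'COMMIT' \
            > "$1/etc/ufw/before.rules"
    fi
}

# Demo on constructed files; on the server itself run: audit_vpn_server ""
demo_dir=$(mktemp -d)
write_sample_tree "$demo_dir" stock
audit_vpn_server "$demo_dir" || echo "$? of 8 checks failed on the stock files"
rm -rf "$demo_dir"
```

A check counts only lines that are not commented out, so a directive that is present but still prefixed with ; or # is reported as a failure.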

Install Certificate Authority

We need to be able to have a way to generate
and authenticate certificates for both the server and
client to enable secure communication between
the two. To do this, set up a Certificate Authority.
Start by copying the RSA scripts we looked at over
with:

| # cp -r /usr/share/easy-rsa/ /etc/openvpn

... and then create the following directory for key
storage: /etc/openvpn/easy-rsa/keys.


Easy variables

We need to change the variables for RSA
so we can create keys for our specific purposes
and location. To do this open up the config file
/etc/openvpn/easy-rsa/vars with nano and edit the
following to your spec:

| export KEY_COUNTRY="UK"
| export KEY_PROVINCE="DT"
| export KEY_CITY="Bournemouth"
| export KEY_ORG="Amazing, Inc"
| export KEY_EMAIL="rob@amazing.com"
| export KEY_OU="Department of Excellence"


Name the server

The final part of the vars file to edit is the
‘export KEY_NAME’ line below these details. For the
sake of making this tutorial easy, change it to:

| export KEY_NAME="server"

If you wish to give it a different name, you’ll have to
start editing the OpenVPN config files that reference
server.key and server.crt. For now then, we will refer to
it as server and you can change it if and as you wish.


Generate parameters

We need to generate a Diffie-Hellman
parameter for the key exchange - this is a
secure way of exchanging encrypted keys over a
public network and essential for our server. To do
this, you’ll need to type the following command into
the terminal:

| # openssl dhparam -out /etc/openvpn/dh2048.pem 2048

It takes a while as it calculates everything that
is needed.


Build Certificate Authority

We need to do a bit more prep first before we
build our CA. Firstly, to make things easier use cd to
move into the /etc/openvpn/easy-rsa. From here you
can initialise the public key infrastructure using the
command below:

| # . ./vars

It will warn you that by running clean-all you will be
deleting all the current keys. As they’re old and we
don’t run them, we are going to do exactly that:

| # ./clean-all

Finally, actually build the CA using:


Server keys

Now we are going to build a security key
for our VPN server. You can do this in the
terminal from the same directory as before
by using:

| # ./build-key-server server

It will ask you again to confirm the details of the
location of the server, but it will also ask you to add
a password. Leave the password fields blank. You
do want to sign and commit the certificate, so hit y
on those.


Turn OpenVPN on

We now need to move the keys to a location
that OpenVPN actually expects to see them; in this
case it’s /etc/openvpn. We need to do the move
using:

| # cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn

Once that’s done, you can finally start the server
ready to receive clients by using:

| # service openvpn start

Use service openvpn status to check if it’s on or not.


Create a key for the client

We can now build a unique key for the client
that is based partly on the name of the client itself.
You can create it from the directory we are already in
by using:

| # ./build-key [name]

Again, don’t give it a password or optional company
info, and make sure you agree to sign the certificate
and commit it.


Prepare the client configuration

The example file that we can use on all
the clients is already in the filesystem, but we
need to move it to the right location for us to
make the most of it. We’re also going
to change the filetype of the example during
the copy to better suit what the client will expect:

| # cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client.ovpn
15 Create a key for the client

What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value.
If you enter '.', the field will be left blank.

Country Name (2 letter code) [UK]:
State or Province Name (full name) [DT]:
Locality Name (eg, city) [Bournemouth]:
Organization Name (eg, company) [Amazing, Inc]:
Organizational Unit Name (eg, section) [Department of Excellent]:
Common Name (eg, your name or your server's hostname) [client1]:
Name [server]:
Email Address [rob@amazing.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'UK'
stateOrProvinceName   :PRINTABLE:'DT'
localityName          :PRINTABLE:'Bournemouth'
organizationName      :PRINTABLE:'Amazing, Inc'
organizationalUnitName:PRINTABLE:'Department of Excellent'
commonName            :PRINTABLE:'client1'
name                  :PRINTABLE:'server'
emailAddress          :IA5STRING:'rob@amazing.com'
Certificate is to be certified until Jun S 15:09:14 2025 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@ubuntubeta:/etc/openvpn/easy-rsa#


“Once you’ve set up a way to connect 
to the server from clients, you can 
begin testing the server out” 


Move files to client 

Once all the keys and example files are set up,
you need to move certain files to whatever client you
want to use to connect to this server. This includes
four specific files: the first two are client-specific
and use the name that we specified earlier as
follows:

| /etc/openvpn/easy-rsa/keys/[name].crt
| /etc/openvpn/easy-rsa/keys/[name].key

The other two files are used on every client, and they
are the following:

| /etc/openvpn/easy-rsa/keys/client.ovpn
| /etc/openvpn/ca.crt

Do this with all the clients. 
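
Because the keys in this tutorial are created without a password, the [name].key file alone protects that client's identity. The following added example (not from the article) gathers the four files listed above into one archive that only its owner can read, and refuses to run if the key file is readable by other accounts. The function names are hypothetical, the default paths are the ones used in the steps above, and GNU stat and tar are assumed.

```shell
#!/bin/sh
# Added example, not from the article: collect the four files for one
# client into a single archive that only its owner can read.

# key_is_private FILE: true if group and others have no access to FILE.
# Uses GNU stat, as found on the Ubuntu system the article targets.
key_is_private() {
    case "$(stat -c '%a' "$1")" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# bundle_client NAME OUT [KEYS_DIR] [CA_FILE]
# Returns 0 on success, 1 if a file is missing, 2 if the private key is
# readable by other accounts. Use absolute paths for KEYS_DIR and CA_FILE.
bundle_client() {
    b_name=$1
    b_out=$2
    b_keys=${3:-/etc/openvpn/easy-rsa/keys}
    b_ca=${4:-/etc/openvpn/ca.crt}
    for b_f in "$b_keys/$b_name.crt" "$b_keys/$b_name.key" \
               "$b_keys/client.ovpn" "$b_ca"; do
        [ -f "$b_f" ] || { echo "missing: $b_f" >&2; return 1; }
    done
    key_is_private "$b_keys/$b_name.key" || {
        echo "refusing: $b_keys/$b_name.key is readable by other accounts" >&2
        return 2
    }
    # Remove any old archive, then create the new one under umask 077 so
    # it is written with mode 600. The subshell keeps the umask local.
    rm -f "$b_out"
    ( umask 077
      tar -cf "$b_out" -C "$b_keys" "$b_name.crt" "$b_name.key" client.ovpn \
          -C "$(dirname "$b_ca")" "$(basename "$b_ca")" )
}

# Demo on constructed files in a temporary directory
demo=$(mktemp -d)
mkdir "$demo/keys"
for demo_f in keys/client1.crt keys/client1.key keys/client.ovpn ca.crt; do
    echo constructed > "$demo/$demo_f"
done
chmod 600 "$demo/keys/client1.key"
bundle_client client1 "$demo/client1.tar" "$demo/keys" "$demo/ca.crt" &&
    tar -tf "$demo/client1.tar"
rm -rf "$demo"
```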


Connect remotely

Once you’ve set up a way to connect
to the server from clients, you can begin 
testing the server out and using the full 
facilities of a VPN. Whether you’re doing 
it for business or just at home, it’s an 
excellent way to work or use the Internet in 
an unrestricted way. 
■ 100,000 Stars is an interactive Google Chrome experiment, using WebGL to create impressive visuals detailing our nearest stars


Render 2D and 3D 
graphics with WebGL 


Advisor 

Mihalis Tsoukalos

is a UNIX administrator, a 
programmer (UNIX and iOS), a 
DBA and a mathematician. He 
has been using Linux since 1993 



Resources 

OpenGL opengl.org 
OpenGL ES ios.org/opengles 

WebGL khronos.org/webgl 

Reference Cards bit.ly/izcQ8a4


Master graphics in your browser by 
learning to write WebGL programs to 
display 2D and 3D objects with JavaScript 


OpenGL is a well-known standard for 
generating 3D as well as 2D graphics; 
it’s extremely powerful and has many 
capabilities. OpenGL is defined and 
released by the OpenGL Architecture Review 
Board (ARB) and is a big state machine. Most calls 
to OpenGL functions modify a global state that 
you cannot directly access. WebGL is a JavaScript 
implementation of OpenGL ES 2.0 that runs on 
the latest browsers. The OpenGL ES (Embedded 
Subsystem) is the mobile version of the OpenGL 


standard and is targeted towards embedded 
devices. OpenGL ES is a C-based, Platform-Neutral 
API. The OS must provide a rendering context that 
accepts commands as well as a framebuffer that 
keeps the results of the drawing commands. 

All modern web browsers support the WebGL API 
by default so you do not need to do any extra work 
to use WebGL. If you want your WebGL programs to 
be available to the world, you will need to put them 
in a web server. Finally, all the code referred to in 
the steps can be downloaded from FileSilo.co.uk. 
How to use WebGL

Before starting to write small WebGL
programs, you will need to write some HTML code to
use it as a template. The HTML code itself does not
really matter in this instance as long as it fits your
needs (see ‘init.html’).

The code does nothing but initialise some basic
stuff that you should use later. The most important
stuff is the definition of canvas; everything will
be drawn inside the canvas element. You will
also need to use a context name: some
supported context names are ‘webgl’, ‘experimental-webgl’
and ‘webkit-3d’. You can paint the canvas any
colour you want.



Draw a simple shape

Drawing 2D or 3D shapes used to require
expensive hardware and specialised software but
nowadays, even a smartphone can run WebGL.

The presented HTML code (see ‘rectangle.html’)
draws a 2D rectangle on-screen using WebGL. In
order to separate the two triangles that compose the
rectangle, the coordinates for the second triangle
are slightly changed in order for you to distinguish the
two triangles.

If you don’t want a line to separate the two
triangles, you should define the vertices array using
the following code:

| var vertices = [-0.75, -0.75, 0.75, -0.75, 0.75, 0.75, -0.75, -0.75, 0.75, 0.75, -0.75, 0.75 ];

The code explained

The JavaScript code is pretty
straightforward. Nevertheless, it contains some
mathematics that is needed for defining the
coordinates of the rectangle’s vertices.

The following line defines a buffer which will hold
the vertex data:

| var myVertexBuffer = gl.createBuffer();

The following line of code defines how many vertices,
and therefore how many triangles, you want to draw:

| gl.drawArrays(gl.TRIANGLES, 0, 6);

The ‘createShader(str, type)’ and the ‘createProgram(vstr,
fstr)’ functions are standard code that you are going to
use in your programs in some form or another.

Please also note that it would be a good idea to
specify the size of the canvas that you are drawing
onto using pixels.

About drawing

In WebGL there are three types of drawing
primitives: points, lines and triangles. The most
widely used primitive is the triangle, as every 3D
object in WebGL is composed of triangles. The
programmer should give the coordinates of the
triangles that compose the desired shape. For
drawing a rectangle you will need to draw two
triangles. Therefore, you will need an array with
six points in 2D dimensions because each triangle
needs three points in order to be defined.


The aspect ratio

The programmer has to deal with the
proportions of the WebGL native coordinate
system. So, in order to make a square look like
a square on-screen, you will have to calculate
the aspect ratio. Then, you multiply the y
values of each vertex by the aspect ratio and you
are done.

Be careful of confusing the WebGL native
coordinate system with the Cartesian coordinate
system that is used for specifying the points in the
programs you are using.

Drawing the rectangle using the correct aspect
ratio requires the following changes to the code:

| var AR = myCanvas.width / myCanvas.height;
| var vertices = [-0.75, -0.75 * AR, 0.75, -0.75 * AR, 0.75, 0.75 * AR, -0.75, -0.74 * AR, 0.74, 0.75 * AR, -0.75, 0.75 * AR];

You can see from the output that the canvas has the 
same size as before, but the shape is now sketched as 
a square (see ‘aspectRatio.html’). 
The gl.drawArrays function

The WebGL function used for drawing is
called drawArrays.

The first argument to the gl.drawArrays
function specifies the drawing mode. If you want
to draw a solid triangle, you will use gl.TRIANGLES.
Alternatively, you can use gl.LINES and gl.POINTS
for drawing lines and points respectively. The
third argument of the function is really important
because it declares the number of points that you
will get as input. When you have problems with your
output, check this parameter first.

Draw multiple shapes on-screen

This part will show you how to draw
multiple rectangles and triangles on-screen (see 
‘multipleShapes.html’). Each shape will have its own 
colour. This method is particularly useful as it shows 
how to create autonomous functions that generate 
objects based on user-defined parameters. This 
means that you can create your own JavaScript 
library of useful functions that you can reuse. The 
secret is that you fill the WebGL buffer with data 
- that is, the shapes you want - until you finish 
with your drawing and then you display the buffer 
on screen! 

Explaining the code 

The program uses an external JavaScript
file with various help functions called ‘utils.js’.
Its purpose is to avoid writing the same functions
inside your scripts every time. Another important
reason for using an external file is that if you
find a bug or you make an improvement to an
existing function, you only have to make changes to
one file.

The two shaders are now stored in two separate
<script> tags and compiled using the following code:

| vertexShader = createShaderFromScriptElement(gl, "2d-vertex-shader");
| fragmentShader = createShaderFromScriptElement(gl, "2d-fragment-shader");
| program = createProgram(gl, [vertexShader, fragmentShader]);
| gl.useProgram(program);


It is not necessary to understand every single line of 
JavaScript code in order to experiment with WebGL. 
Use the existing code as a template, program your 
own draw functions and create your own shapes! 

Using four triangles to create
a rectangle

Now let’s look at using more triangles to construct a
rectangle (see ‘rect4tria.html’). Although using more
than two triangles for a rectangle is redundant, there
are cases where you will need to describe a shape
using more triangles to generate a smoother and
more accurate shape.

To better understand the decomposition, each 
rectangle will use a different colour. Because the 
point with coordinates (200, 200) is a common 
point for all triangles, every triangle uses the (200, 
200) point. As triangles need just three points 
to be defined, the actual order of the points is 
unimportant. The point order is more important for 
shapes with more than three points. 


About shaders 

There are two kinds of shaders: vertex and 
fragment. The vertex shader gets executed first and 
the fragment shader gets executed second. 

Vertex shaders are used for controlling 
the points or vertices on a shape. In order to 
rotate an object in space, your vertex shader is 
responsible for applying a user-defined matrix to 
rotate your coordinates. 

Fragment shaders are used for defining the colour, 
texture mapping, lighting and depth values for each 
pixel. The gl_Position variable defines which pixel of
the screen to draw on, while the gl_FragColor variable
defines the colour it should be. 

The programming language used for defining 
shaders looks a lot like C. You can even write your 
shader code using separate files and include it in your 
JavaScript code. Both kinds of shaders run entirely 
on the GPU of the graphics card; therefore you want 
to keep the GPU as busy as possible in order to let the 
CPU do the other work. 
The WebGL Pipeline

The programmable rendering pipeline makes
it possible to write your own functions to control how
shapes and images are rendered with the help of
vertex and fragment shaders. There’s a good diagram
of the rendering pipeline in Dev.Opera’s Raw WebGL
101 guide: bit.ly/ZWgkFW. The pipeline is complex
and shows how WebGL works behind the surface.
Note that the vertex and fragment shaders are
compiled and linked before being used.


Drawing a cube 

There is a JavaScript library called Three.js
(threejs.org) that makes WebGL very easy to use
by allowing you to create WebGL programs using
less code. Its disadvantage is that the code is not
directly portable to either OpenGL or OpenGL ES.
Its advantage is that you can create sophisticated
programs without having to write many lines of
JavaScript code.

Our example (see ‘cube.html’) creates and rotates a
cube in a 3D space. Writing a similar program in plain
WebGL JavaScript would require over 500 lines of
code and an article of its own!

Explaining the code

The Three.js library is high level compared to
WebGL. You do not need to write code to initialise all
things. You create a cube using just one line of code:

| var cube = new THREE.Mesh(new THREE.CubeGeometry(250, 250, 250), new THREE.MeshFaceMaterial(materials));

You can use different colours for each cube face using 
the optional variable materials. You then need to add 
the cube to the scene in order to be displayed using 
the following line of code: 

| scene.add(cube); 

Final words 

If you were going to construct the cube using
WebGL and triangles, you would need to define its
six faces. Each face needs at least two triangles to
be defined. The reason I am saying at least is that,
as you saw before, you can use more triangles if you
want but you are going to need 12 triangles in total.

The main advantages of WebGL are that it is 
easy to learn if you are already familiar with either 
OpenGL or OpenGL ES, its code is directly portable 
to both OpenGL and OpenGL ES and that you have 
greater control over what you are drawing. 

If you want to do something fast, then learn 
Three.js, but if you are more concerned with 
having full control over what you are doing, then 
WebGL is the way to go! 

“If you want to 
do something 
fast, then learn 
Three.js” 
This is a density plot that is drawn on top of a histogram. Drawing using layers has many advantages

This plot combines a scatter plot layer with a smooth layer. The shape of each point depends on the value of the Linux variable found in the LUD dataset

This is the full R code of the ‘chrome.R’ script used in step 11. The produced image is quite simply amazing

This is the format and some of the data from the LUD dataset used in this article for illustrating the varied capabilities of ggplot2


Generate complex 
graphics with ggplot2 


Advisor 



Mihalis Tsoukalos

is a UNIX administrator, a 
programmer (UNIX and iOS), a 
DBA and a mathematician. He 
has been using Linux since 1993 


Resources 

R Project r-project.org 
RStudio rstudio.com
ggplot2 ggplot2.org

Documentation 


RSQLite bit.ly/IArJvkc 


Seen as the new version of S, learn how to 
create truly impressive plots using R and 
the ggplot2 package 


R is a GNU project based on S, which 
is a statistics-specific language and 
environment developed at the famous 
AT&T Bell Labs. You can think of R as the 
free version of S. Despite its simple name, R is a 
powerful piece of software for statistical computing 
with many capabilities and an interpreted 
programming language. 

R packages can greatly extend its capabilities. 
Ggplot2 is an R package, written by Hadley 
Wickham, that is used for producing statistical 
and data graphics, working with plots in layers. 
Despite being a powerful package, it is reasonably 
easy to learn and produces sophisticated and 
beautiful plots that are of publication quality. Its 


main difference from most other graphics packages 
is that it has a deep principal grammar. Learning 
its grammar, which is based on the book The 
Grammar Of Graphics, will help you design better 
plots but it is not required in order to follow this 
article. In other words, the grammar tells that a plot 
is a mapping from data to aesthetic properties of 
geometric objects. 

This article is full of practical examples that 
demonstrate the use of ggplot2 for drawing many 
different kinds of plots, including a plot of the 
Chrome’s history file! 

Feeling comfortable with mathematics and 
statistics is helpful but not vital for understanding 
this article. 
“Experiment with your data and the
various types of plots that R and
ggplot can generate”


Install ggplot2

First run R. The ggplot2 R package isn’t
installed by default, so check if you already have it
installed by running:

| > require(ggplot2)
| Loading required package: ggplot2

If it’s not installed, download and select:

| > install.packages("ggplot2")

If you execute the library() function without
arguments, you’ll get a list of installed packages. To
get a detailed output, run the installed.packages()
command without any arguments.

About R and data visualisation

R is a command line application, which is
fine for plain text output but not for graphical output.
RStudio is a more preferable graphical wrapper for R.

When visualising data, remember that not every 
plot suits every data set. This knowledge comes 
from experience, and experience comes from 
experimentation, so don’t forget to experiment with 
your data and the various types of plots that R and 
ggplot2 can generate. 


Use quickplot()

The ggplot2 package offers two main
functions: quickplot() and ggplot(). The quickplot()
function, also available as qplot(), is similar to the
plot() R function and is good for simple plots. The quickplot()
function hides what happens underneath, whereas
ggplot() is harder to use but is more flexible.

The following commands draw a plot using
columns V2 and V3 from the data variable:

| > str(data)
| 'data.frame': 16180 obs. of 3 variables:
| $ V1: num 0 0 0 0 0 0 0.98 1 1.06 1 ...
| $ V2: num 0.01 0.01 0.01 0.01 0.03 0.01 0.58 0.85 1.01 1.01 ...
| $ V3: num 0.05 0.05 0.05 0.05 0.05 0.05 0.27 0.48 0.65 0.75 ...
| > quickplot(data$V2, data$V3)

The following version adds colour to the output:

| > quickplot(data$V2, data$V3, color=data$V1)

Work with ggpairs()

The ggpairs() command finds relations
between variables and then calculates the
coefficient of correlation value. The coefficient of
correlation is linked to the statistical correlation, a
technique that shows whether or not two variables
are related. As the coefficient of correlation
approaches zero there is less of a relationship (no
correlation), whereas the closer the coefficient
is to -1 or +1, the stronger the correlation (positive
or negative) is. A positive correlation shows that
if one variable gets bigger then the other does as
well. Conversely, a negative correlation denotes
that if one variable gets bigger then the other
becomes smaller.

The presented plot was produced using the
following commands:

| > data <- read.table("uptime.data", header=TRUE)
| > require(ggplot2)
| > require(GGally)
| > require(CCA)
| > ggpairs(data)

Generate bar plots 

Now use a sample dataset for plotting.
The LUD dataset, available from FileSilo, is stored
in a plain text file, named Lud.data. The titles
of the columns are named to refer to their
values. You can load the dataset into R using the
following command:

| > LUD <- read.table("lud.data", header=TRUE)

The bar plot is simple. This command generates it:

| > ggplot(LUD, aes(x=RAM, y=SSD)) + geom_bar(stat="identity")

If you type ggplot(LUD, aes(x=RAM, y=SSD)) without
specifying a plot, the command will show the ‘Error:
No layers in plot’ message.

To change the colour of the bars, try the
following variation:

| > ggplot(LUD, aes(x=RAM, y=SSD, fill=Uptime)) + geom_bar(stat="identity")
Add titles and labels

Sooner or later, it’s likely that you will want
to add a title and labels to the output. Adding a
main title is simple - you just need to make use of
the labs() function in order to do so. The previously
plotted bar plot can thus be modified with inclusion
of the following command at the end:

| > ggplot(LUD, aes(x=RAM, y=SSD, fill=Uptime)) + geom_bar(stat="identity") + labs(title="This is a Title")

Adding X and Y labels can be done by entering
the following:

| > ggplot(LUD, aes(x=RAM, y=SSD, fill=Uptime)) + geom_bar(stat="identity") + labs(title="This is a Title") + xlab("X Label") + ylab("Y Label")

More about titles and labels 

As well as adding them, you can also change
the appearance, size, font and colour of all the titles
and labels. The following command makes the title
blue and its size larger using the theme() function:

| > ggplot(LUD, aes(x=RAM, y=SSD, fill=Uptime)) + geom_bar(stat="identity") + labs(title="This is a Title") + xlab("X Label") + ylab("Y Label") + theme(plot.title = element_text(size = rel(2), colour = "blue"))

To change the attributes of the X and Y axes, use the
axis.line element of theme():

| > ggplot(LUD, aes(x=RAM, y=SSD, fill=Uptime)) + geom_bar(stat="identity") + labs(title="This is a Title") + xlab("X Label") + ylab("Y Label") + theme(plot.title = element_text(size = rel(2), colour = "blue"), axis.line = element_line(size = 3, colour = "red", linetype = "dotted"))


Create histograms

Generate histograms using the geom_histogram()
function, similar to the geom_bar()
function, and change the number of bars using the
binwidth argument. Plot a simple histogram using
the following command:

| > ggplot(LUD, aes(Years)) + geom_histogram(binwidth=1, color='gray')

Using the geom_density() function you can draw a
density plot:

| > ggplot(LUD, aes(Years)) + geom_density(binwidth=1)

The following command draws a histogram and a
density plot on the same plot:

| > ggplot(LUD) + geom_histogram(aes(Years, ..density..), binwidth=2, color='white') + geom_density(aes(Years, ..density..), binwidth=2, color='red')

If you put the geom_density() command first, the
histogram will be on top of the density plot and
therefore the density plot will not be all visible.



Add smooth layers

Another type of layer is the smooth layer.
It doesn’t display raw data, but rather a statistical
transformation of the data.

The (method="lm") parameter generates a linear
regression line instead of a LOESS (local polynomial
regression fitting) curve, which is the default for
samples with less than 1000 observations. For
bigger samples, the default method is called GAM
(generalised additive model). The produced plot was
generated with the following commands:

| > q <- ggplot(LUD, aes(x=RAM, y=SSD))
| > q + geom_point() + geom_smooth()
| > q + geom_point() + geom_smooth(method='lm')
[Figure 12, Box plots. Plot title: A Box Plot]


Work with shapes and facets 

The following plot draws points using
different shapes depending on the value of the
non-continuous Linux variable:

| > ggplot(LUD, aes(x=RAM, y=Uptime)) + geom_point(aes(shape = Linux))

A facet allows you to split up your data by one
or more variables and then plot the subsets of
data together. Using facets is also a great way of
generating conditional plots. Try the following point
plot, which will generate two plots depending on the
two different values of the Linux variable:

| > ggplot(LUD, aes(x=RAM, y=Uptime)) + geom_point() + facet_grid(Linux ~ .)

The facet_grid() function works fine when using 
continuous variables. 


Visualising Chrome’s history file

The history file of Chrome (simply called
History) stores its history of visited websites in
SQLite3 database format. Therefore, you can use the
RSQLite R package to read it. The ‘chrome.R’ script
generates an impressive output using RSQLite and
ggplot2 with many layers. It can be done as follows:

| $ ./chrome.R
| Loading required package: methods
| Loading required package: DBI
| $ ls -l Rplots.pdf
| -rw-r--r--@ 1 mtsouk staff 5089 Nov 27 09:42 Rplots.pdf

The produced result is automatically stored in a file
called ‘Rplots.pdf’.

Use box plots 

A box plot can give you information regarding 
the shape, the variability and the median of a data 
set, quickly and efficiently. The presented box plot 
was generated using the following R command: 

| > ggplot(LUD, aes(Linux, Uptime)) + geom_point() + geom_boxplot(colour = "red") + labs(title="A Box Plot") 

Based on the two discrete values of the variable, the 
output is divided into two subsets. For each subset, a 
separate box plot is produced individually. 


Create R Scripts 

It is very useful to learn how to create R 
scripts in order to use ggplot2 inside bigger scripts 
that can run as cron jobs. A sample script file, named 


| $ chmod 755 ggplot.R 
| $ ./ggplot.R 
| $ ll 
| total 160 
| -rwxr-xr-x@ 1 mtsouk staff 234 Nov 14 22:41 ggplot.R 
| -rw-r--r-- 1 mtsouk staff 73820 Nov 14 22:43 ggplot.png 
| $ file ggplot.png 
| ggplot.png: PNG image data, 1280 x 800, 8-bit/color RGBA, non-interlaced 


Final thoughts 

The more you use ggplot2 and the better you 
know your data, the better the output you’ll achieve. 
Just don’t forget that ggplot2 works using layers! 
Also, to take full advantage of plotting you’ll have to 
plot the right metrics, and finding the right metrics is 
not always simple, but once you have the hang of it, it 
will become second nature. 
Sending a signal to a process without having the 
necessary permissions is not allowed 

A small part of the man page of the signal 
system function: man 7 signal 

A part of the man page of the kill command which 
can be seen by executing “man kill” 

This is the full C code for the basic handling of 
the SIGINT and SIGUSR1 signals 


Master UNIX signal handling 

Learn how to utilise signals and program their handling in C 


Advisor 

Mihalis Tsoukalos 

is a UNIX administrator, a 
programmer (UNIX and iOS), a 
DBA and a mathematician. He 
has been using Linux since 1993 

Resources 

A text editor 
A C compiler 



UNIX signals are software interrupts that 
offer a way of handling asynchronous 
events on a UNIX system. Every 
application, apart from the trivial ones, 
must be able to deal with signals. This article 
will introduce you to the most important signals 
and show you ways of handling them in your 
Linux applications. 

Each signal can be identified by name or numeric 
value, but using the signal name is easier to 
remember and the recommended way. In order to 
send a signal to a running application, you should 
have the required UNIX privileges. If you are the root 
user, you can send any running process any signal 
you want. Signals are important for avoiding blocking 
situations; blocking can happen when waiting for 
user input, reading a file or reading from a device. 

Example code has been uploaded to 
FileSilo.co.uk/bks-835 for you to follow along with. 
The examples use the printf() C function inside 
signal handler functions for educational reasons 
only; it is considered very bad practice to use it in 
production code as it can introduce nasty bugs. 

Signals can also be handled in other programming 
languages, including Perl and Python, as you will see 
at the end of the article. 
About signals 

All signal names begin with SIG, which is 
sometimes not mentioned in the documentation 
available online. The following command shows a list 
of all signals: 

| $ kill -l 


All signals have a default action but most of them 
allow you to bypass the default action by writing your 
own code. 


| $ kill -l TERM 
| 15 
| $ kill -l 15 
| TERM 


The kill command 

The kill command sends the TERM signal 
by default. Therefore the following two commands 
are equivalent: 


| $ kill -TERM <process_id> 
| $ kill <process_id> 


You should avoid sending the SIGKILL signal to a 
running process unless it is absolutely necessary. 
The KILL signal is a noncatchable and nonignorable 
signal that violently terminates a process without 
allowing it to clean up properly. 

If you run the kill command followed by the -l 
option followed by a number it will return the signal 
name. Similarly, if you give a signal name, it will 
return the signal number. 


The three most common UNIX signals 

Have you ever pressed Ctrl+C in order to stop a 
program from running? Ctrl+C sends the SIGINT 
signal to the program; SIGINT is the most commonly 
used signal. 

Another important signal is SIGKILL, which 
is sent when you kill a process using the kill -9 
command. As you will see in the next step, SIGKILL is 
a special kind of signal. 

Another useful signal is called SIGHUP, which is 
commonly used to notify server processes to reread 
their configuration files. 


handleOne.c 

#include <stdio.h> 
#include <signal.h> 

/* Handler for SIGUSR1: reports the signal it was called with */ 
static void handle_usr1(int signo) 
{ 
    if (signo == SIGUSR1) 
    { 
        printf("Received SIGUSR1\n"); 
    } 
    else /* This should not happen */ 
    { 
        printf("Unknown signal!\n"); 
    } 
    return; 
} 

int main(int argc, char **argv) 
{ 
    /* Register handle_usr1 as the handler for SIGUSR1 */ 
    if (signal(SIGUSR1, handle_usr1) == SIG_ERR) 
    { 
        printf("There was an error while handling the SIGUSR1 signal\n"); 
        return -1; 
    } 

    /* Run forever so that signals can be sent to the process */ 
    while(1) 
        ; 

    return 0; 
} 


“The KILL signal is similar to 
unplugging from the mains” 


Signal handling 

A program cannot handle all signals; some 
of them are noncatchable and nonignorable. The 
signals SIGKILL and SIGSTOP cannot be caught, 
blocked or ignored. The reason for this is that 
they provide the kernel and the root user a way of 
stopping any process. 

The number for the KILL signal is 9. It is usually 
called in extreme conditions where you need to act 
fast, so it is the only signal that is usually called by 
number because it is quicker to type one number 
than to type in a phrase. 

The effect of the KILL signal is similar to 
unplugging your computer from the mains instead 
of powering it down normally and can cause various 
problems, especially when it is used to stop server 
processes such as database, web and email servers. 

Handling just one signal 

Our example C program ‘handleOne’ handles 
the SIGUSR1 signal. SIGUSR1 is a user-defined 
signal for use in application programs and its default 
action is ‘terminate’. By handling it, you change its 
default action. 

Apart from the USR1 signal that is specifically 
handled, all of the other signals will be handled 
using their default behaviour. You can use Ctrl+C 
to stop the program or the kill command from 
another terminal. 

Explain the C code 

The C code is easy to understand. The 
signal function defines that the handle_usr1 
function will be called when a SIGUSR1 signal 
occurs. You can refer to a signal either by name or by 
number inside your code, but it is advised to refer to 
it by its name rather than by its number to make your 
code easier to read. 

The endless while() loop is used for making the 
program run forever in order to be able to test signal 
handling and, usually, server processes will have 
similar code. 
handling functions makes your life easier but you will 
then need to write more code. 

The problem is that you have to explicitly add the 
signals you want to support, which is especially 
tedious if you are planning on supporting more 
signals, but there is no other way to do it. You will 
learn how to block multiple signals in Step 14. 


The signal() function 

The signal() function, which we use in 
our example code, takes two arguments. The 
first argument is the name or the number of 
the signal. The second argument is a function 
name: the signal handler. If the value is SIG_DFL, 
default handling for that signal will 
occur. However, if the value is SIG_IGN then the 
signal will be ignored. Otherwise, it must be a 
valid function name that will be called when that 
signal occurs; in the case of our example, this 
function is handle_usr1. New applications should 
use sigaction() instead of signal(). 


The raise() function 

A process can send itself a signal with 
the help of the raise function. It's very simple to 
use and you should have no problem including 
it in your programs. Unlike the signal function, 
which takes two arguments, the raise function 
accepts just one argument: the name or the number 
of the signal (see ‘raise.c’). 


The SIGALRM signal 

Imagine that you have a program that waits 
for user input but, for some reason, the user does 
not type anything or does not know that he or she 
has to type. Should the computer wait forever? 
The solution to this kind of problem is given by 
the SIGALRM signal. The alarm() system call is 
really a timer that allows you to receive SIGALRM 
in a preconfigured number of seconds (see 
‘signalALARM.c’). 

Compiling and running the code produces the 
following output: 


Handling two signals 


| $ gcc -Wall -o signalALARM signalALARM.c 
| $ ./signalALARM 
| You only have 10 seconds to type your name: Too late... Please try again... 
| Too late... Please try again... 
| Mihalis 
| Hello Mihalis 
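The timeout behaviour shown in that output can be written as follows. This is an added example, not the article's ‘signalALARM.c’: the names read_with_timeout, pipe_self_test and TIMED_OUT are assumptions of this sketch, and the handler is installed without SA_RESTART so that the blocked read() returns with EINTR when SIGALRM arrives.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TIMED_OUT (-2L)

static volatile sig_atomic_t alarm_fired = 0;

static void on_alarm(int signo)
{
    (void)signo;
    alarm_fired = 1;          /* async-signal-safe: only set a flag */
}

/* Read up to size-1 bytes from fd into buf and NUL-terminate it.
 * Returns the byte count (0 = end of file), TIMED_OUT if nothing
 * arrived within `seconds`, or -1 on any other error. */
long read_with_timeout(int fd, char *buf, size_t size, unsigned seconds)
{
    struct sigaction sa, old_sa;
    ssize_t n;
    int saved_errno;

    if (size == 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;          /* no SA_RESTART, so read() fails with EINTR */
    if (sigaction(SIGALRM, &sa, &old_sa) != 0)
        return -1;

    alarm_fired = 0;
    alarm(seconds);           /* SIGALRM arrives after `seconds` */
    n = read(fd, buf, size - 1);
    saved_errno = errno;
    alarm(0);                 /* cancel the timer if input won the race */
    sigaction(SIGALRM, &old_sa, NULL);

    if (n >= 0) {
        buf[n] = '\0';
        return (long)n;
    }
    if (saved_errno == EINTR && alarm_fired)
        return TIMED_OUT;
    errno = saved_errno;
    return -1;
}

/* Self-test on a pipe (constructed input): first nothing is written, so
 * the read must time out; then a name is written and must be returned. */
int pipe_self_test(void)
{
    int fds[2];
    char buf[32];
    long first, second;

    if (pipe(fds) != 0)
        return -1;
    first = read_with_timeout(fds[0], buf, sizeof buf, 1);
    if (write(fds[1], "Mihalis\n", 8) != 8)
        return -1;
    second = read_with_timeout(fds[0], buf, sizeof buf, 1);
    close(fds[0]);
    close(fds[1]);
    return first == TIMED_OUT && second == 8 && strcmp(buf, "Mihalis\n") == 0;
}

int main(void)
{
    char name[64];
    long n;

    printf("You only have 10 seconds to type your name: ");
    fflush(stdout);
    while ((n = read_with_timeout(STDIN_FILENO, name, sizeof name, 10)) == TIMED_OUT)
        printf("Too late... Please try again...\n");
    if (n <= 0)
        return 1;
    name[strcspn(name, "\n")] = '\0';
    printf("Hello %s\n", name);
    return 0;
}
```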


Real work with signal handling 

The single most important task of a signal 
handler function is to make sure that the signal 
does not do any damage to data. Think of it as an 
object destructor in object-oriented terminology. 
The most common job of a signal handler function is 
to gracefully close files or connections, write data to 
disk and then allow a program to exit. 


How Apache handles signals 

The Apache parent process can handle 
the TERM, USR1, HUP and WINCH signals. 
The TERM signal ends the Apache process in a 
bad way and should therefore only be used in 
extreme situations. 

The USR1 signal causes the Apache parent 
process to advise the children to exit after serving 
their current request. After all the children are done, 
the parent rereads its configuration files, reopens 
its log files and restarts the child processes. If the 
new Apache configuration file has errors in it, then 
Apache will not restart: it will exit with an error. 

The HUP signal does the same job as the USR1 
signal but with a big difference. Instead of waiting for 
the children to exit gracefully, it just kills the children. 

The WINCH or graceful-stop signal causes 
the Apache parent process to advise the children to 
exit after serving their current request, remove its 
PID file and stop listening to ports without quitting. 
After the termination of all children, it will also quit 
itself. This functionality is very helpful when you are 
upgrading Apache but it can cause deadlocks and 
race conditions sometimes. 

On a Debian 7 system, the process id of the 
Apache parent process can be found in the 
/var/run/apache2.pid file. 



The sigaction() system call 

The sigaction() system call has the 
same basic effect as signal(). sigaction() can 
offer more control but it also adds more 
complexity. In particular, sigaction() can let you 
specify additional flags to control when the 
signal is generated and how the handler is invoked. 
Once a signal handler is installed, it normally 
remains installed until another sigaction() system 
call is made. 
Its first argument specifies a signal number 
as usual. Both the second and third arguments 
are pointers to a structure called sigaction. This 
structure specifies how the process should handle 
the given signal. (See ‘sigaction.c’.) 

It is highly recommended that you use 
sigaction() instead of signal() because sigaction() is 
more reliable. 
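As an added illustration (not the article's ‘sigaction.c’), the sketch below installs one handler for SIGUSR1 and SIGINT with sigaction() and keeps the handler down to setting a sig_atomic_t flag, so no printf() runs inside it. The names on_signal, install_handler, poll_flags and self_test are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Flags shared with the handler: volatile sig_atomic_t is the object
 * type the C standard lets a handler write safely. */
static volatile sig_atomic_t got_usr1 = 0;
static volatile sig_atomic_t got_int = 0;

/* The handler only records the event; printing or cleaning up
 * happens later in normal program flow. */
static void on_signal(int signo)
{
    if (signo == SIGUSR1)
        got_usr1 = 1;
    else if (signo == SIGINT)
        got_int = 1;
}

/* Install on_signal for signo. Returns 0 on success, -1 on failure
 * (for example for SIGKILL or SIGSTOP, which cannot be caught). */
int install_handler(int signo)
{
    struct sigaction sa;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_signal;
    /* Block both handled signals while the handler runs so that one
     * cannot interrupt the other. */
    sigemptyset(&sa.sa_mask);
    sigaddset(&sa.sa_mask, SIGUSR1);
    sigaddset(&sa.sa_mask, SIGINT);
    sa.sa_flags = SA_RESTART;   /* restart interrupted system calls */
    return sigaction(signo, &sa, NULL);
}

/* Consume the flags: bit 0 = SIGUSR1 seen, bit 1 = SIGINT seen. */
int poll_flags(void)
{
    int seen = 0;

    if (got_usr1) { got_usr1 = 0; seen |= 1; }
    if (got_int)  { got_int = 0;  seen |= 2; }
    return seen;
}

/* Self-test: use raise() to deliver both signals to this process. */
int self_test(void)
{
    if (install_handler(SIGUSR1) != 0 || install_handler(SIGINT) != 0)
        return -1;
    raise(SIGUSR1);
    raise(SIGINT);
    return poll_flags();
}

int main(void)
{
    if (install_handler(SIGUSR1) != 0 || install_handler(SIGINT) != 0) {
        perror("sigaction");
        return 1;
    }
    printf("PID %ld: send SIGUSR1 or press Ctrl+C\n", (long)getpid());
    for (;;) {
        int seen;

        pause();                /* sleep until a signal arrives */
        seen = poll_flags();
        if (seen & 1)
            printf("Received SIGUSR1\n");
        if (seen & 2) {
            printf("Received SIGINT, exiting cleanly\n");
            return 0;
        }
    }
}
```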


The sigsuspend() and the sigprocmask() 
functions 

The combination of these two function calls allows 
you to block and unblock selected signals. They 
are usually used for protecting critical regions of 
code from being interrupted by other signals. The 
collection of signals that are currently blocked is 
called the signal mask. Each process has its own 


First, you block the signals with sigprocmask 
and then after the critical code has completed, 
you run sigsuspend with the signal mask that 
was returned by sigprocmask - it is a useful yet 
advanced technique. 

As you already know from Step 04, it is impossible 
to block SIGKILL or SIGSTOP even if you specifically 
add them into a signal mask. 
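The block, work, then sigsuspend() sequence described above, as an added example that is not one of the article's listings. The function protected_update and its result bits are assumptions of this sketch; it raises SIGUSR1 against itself inside the protected region and also requests a block on SIGKILL to show that the request has no effect.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

static volatile sig_atomic_t usr1_seen = 0;

static void on_usr1(int signo)
{
    (void)signo;
    usr1_seen = 1;
}

/* Result bits reported by protected_update(). */
enum {
    HELD_BACK       = 1, /* handler did not run inside the critical region */
    WAS_PENDING     = 2, /* the kernel kept the signal pending meanwhile   */
    DELIVERED       = 4, /* handler ran once sigsuspend() lifted the block */
    KILL_UNMASKABLE = 8  /* SIGKILL never made it into the signal mask     */
};

int protected_update(void)
{
    struct sigaction sa;
    sigset_t block, old, wait_mask, pending, current;
    int result = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_usr1;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) != 0)
        return -1;
    usr1_seen = 0;

    /* 1. Block SIGUSR1 and remember the previous mask. SIGKILL is added
     *    on purpose: the call succeeds but the kernel ignores that bit. */
    sigemptyset(&block);
    sigaddset(&block, SIGUSR1);
    sigaddset(&block, SIGKILL);
    if (sigprocmask(SIG_BLOCK, &block, &old) != 0)
        return -1;
    sigprocmask(SIG_BLOCK, NULL, &current);   /* query the live mask */
    if (!sigismember(&current, SIGKILL))
        result |= KILL_UNMASKABLE;

    /* 2. Critical region: a signal sent now is queued, not delivered. */
    raise(SIGUSR1);
    if (!usr1_seen)
        result |= HELD_BACK;
    sigpending(&pending);
    if (sigismember(&pending, SIGUSR1) == 1)
        result |= WAS_PENDING;

    /* 3. Atomically swap in the old mask and wait. The pending SIGUSR1
     *    is delivered at once and sigsuspend() returns -1 with EINTR. */
    wait_mask = old;
    sigdelset(&wait_mask, SIGUSR1);   /* make sure it can get through */
    sigsuspend(&wait_mask);
    if (usr1_seen)
        result |= DELIVERED;

    /* 4. sigsuspend() put the blocking mask back; restore the original. */
    sigprocmask(SIG_SETMASK, &old, NULL);
    return result;
}

int main(void)
{
    int r = protected_update();

    printf("held back: %d, pending: %d, delivered: %d, SIGKILL unmaskable: %d\n",
           !!(r & HELD_BACK), !!(r & WAS_PENDING),
           !!(r & DELIVERED), !!(r & KILL_UNMASKABLE));
    return r == 15 ? 0 : 1;
}
```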



Signal sets 

A very important feature is the ability to 
include multiple signals in signal sets. You will need 
the sigset_t data type to represent a signal set and 
five functions to manipulate them: sigemptyset() 
(clears the mask), sigfillset() (sets all bits in the 
mask), sigaddset() (sets the bit that represents 
a certain signal), sigdelset() (clears the bit that 
represents a specific signal) and sigismember() 
(checks the status of a certain signal in a mask). The 
presented example (‘signalSet.c’) handles SIGUSR1 
and SIGINT and blocks all other signals. 


signals.pl 

use warnings; 
use strict; 

# Method 1: the %SIG hash 
$SIG{INT} = sub { print "Caught a SIGINT Signal: $!\n" }; 

# Method 2: the sigtrap pragma 
use sigtrap qw/handler error_signal_handler error-signals/; 

sub error_signal_handler 
{ 
    print "An error signal caught!\n"; 
} 

while(1) 
{ 
    sleep(30); 
} 




“Sigaction offers more control but it 
also adds complexity” 


Signal handling in Perl 

Perl has two ways of handling signals: 
using the %SIG hash or using the sigtrap pragma. 
The sigtrap pragma understands three groups of 
signals: normal-signals (HUP, PIPE, INT and TERM), 
error-signals (ABRT, BUS, EMT, FPE, ILL, QUIT, SEGV, 
SYS and TRAP) and old-interface-signals (ABRT, 
BUS, EMT, FPE, ILL, PIPE, QUIT, SEGV, SYS, TERM 
and TRAP). 

Our example (‘signals.pl’) uses both methods, but 
usually you only use one of them. 

| $ ./signals.pl 
| ^CCaught a SIGINT Signal: Interrupted system call 
| ^Z 
| [1]+ Stopped ./signals.pl 
| $ bg 
| [1]+ ./signals.pl & 
| $ ps ax | grep signals | grep -v grep 
| 32431 pts/0 S 0:00 /usr/bin/perl -w ./signals.pl 
| $ kill -ABRT 32431 
| $ An error signal caught! 
| $ kill -BUS 32431 
| $ An error signal caught! 
| $ kill -HUP 32431 
| $ 
| [1]+ Hangup ./signals.pl 
| $ ps ax | grep signals | grep -v grep 



Signal handling in Python 

The Python handling of signals is similar to 
Perl. The example Python program (‘signals.py’) 
handles the SIGINT signal because it is the one most 
frequently used. 


| $ python signals.py 
| # 
| ^CStop Interrupting me! 
| # 
| ^CStop Interrupting me! 
| # 
| ^Z 
| [1]+ Stopped python signals.py 
| $ kill %1 
| [1]+ Stopped python signals.py 
| [1]+ Terminated python signals.py 
Build a RAID array 

Use RAID to create faster and more secure 
storage systems in your PC or server 


Advisor 

Rob Zwetsloot 
models complex systems and 
is a web developer proficient in 
Python, Django and PHP. He loves 
to experiment with computing 


Resources 

mdadm 
neil.brown.name/blog/mdadm 

Hardware RAID support 

It appears that we’re currently seeing a 
plateau on storage in hard drives. While 
we're up to about 6 TB in storage on a drive, 
4 TB drives have been in circulation for 
years now. Luckily, the jump from 4 to 6 TB is larger 
than the doubling in size of old - one terabyte is 
still a lot of data, after all - but as always, files are 
getting larger and larger, and people are amassing 
more and more data. 

There have been methods in existence for a long 
time to pool multiple hard drive resources in order 
to create larger storage solutions - the benefits of 
which normally involve increased read and write 
speeds as well as large storage sections overall. 

In this tutorial we’ll teach you everything you 
need to know to set up your own RAID array. This 
involves not only doing it via hardware RAID, but 
also a software RAID in Linux. We’ll also talk about 
what you need to know when actually selecting 
hard drives, which RAID levels you should be 
looking at and what the benefits of them are. 

Hard drive selection 

For all the different versions of RAID we’ll be 
using, at the very least you need to use hard drives 
with the exact same storage - so if you had one 2 TB 
hard drive, they’d need to all be 2TB. This has a lot to 
do with the way the RAID levels write data, requiring 
each read and write operation to be replicated over 
each drive as part of the system. This means hard 
drives must be exactly the same size for the files to be 
written properly. 

While you can do it with any hard drives of the 
same size, it’s far more recommended to get the 
same make and model of hard drive to get the 
best experience out of the RAID. There’s even an 
argument for getting similar batches of hard drives 
for the task. Not only does this allow for even greater 
parity between the hard drives, it also makes it 
easier to replace any broken drives in the array. As 
for write speed, as long as all the drives are the same 
speed (which will be fine with the same model of 
drives), there are no problems with using 5400, 7200 
or any other speed of hard drive you have. 

[Figure: Striping and mirroring, two diagrams each spanning Disk 0 and Disk 1] 
■ Striping, to the left, splits the data across drives, whereas mirroring duplicates it 

“Methods to pool 
multiple hard 
drive resources 
to create larger 
storage solutions 
have existed for a 
long time” 

Choosing a RAID type 

RAID comes in different types, each 
numbered and starting at 0. The higher the number, 
the more complex the system will be (apart from 
RAID 10, which is a common abbreviation of RAID 
1+0, which we’ll cover in a moment). Choosing a RAID 
type depends entirely on your needs, budget and the 
importance of preserving the data that will be stored 
on the drives. 

For most home uses, the RAID 0, RAID 1 and RAID 
1+0 techniques may be the best. These allow you to 
increase read speed and in two cases create a larger 
storage area than any single drive. Even better, any 
failures can be easily fixed for two of them by just 
putting new hard drives into the array. 

For more advanced use, in all likelihood business 
use, RAID 5 and RAID 6 allow for more storage to 
be used over multiple drives while still having the 
levels of redundancy and backup that you see in the 
lower levels. 


Striping and mirroring 

RAID 0 and RAID 1 are the most common 
types of RAID arrays, and both involve one of 
the two important methods of using RAID. 
RAID 0 arrays are also called striped volumes, 
whereas RAID 1 arrays are otherwise known as 
mirrored volumes. 

At its core, RAID 0 enables you to join two 
hard drives of the same size together and 
use the storage of both to create one 
large ‘hard drive’ that the system can see. It does 
this by writing data over both drives for individual 
files and such, which is usually illustrated as 
stripes. The other benefit you get from RAID 0 is 
speed; however, if one hard drive fails then you will 
lose all your data. 

RAID 1 is the opposite of RAID 0: instead 
of doubling the size of one hard drive’s storage 
by combining them, you create a dedicated 
backup for the hard drive with each piece of 
data written twice. Read speed increases as 
before, although write speed is the same as any one 
disk (the RAID array deals with duplicating the data 
once it’s written). 

Powers combined 

RAID 1 and RAID 0 can be combined into 
RAID 1+0, which offers both mirroring and striping. 
It requires at least four hard drives to work, and 
always needs to be an even number of hard drives. 

RAID 10 works by having pairs of hard drives that 
are set up as RAID 1 (mirroring), with each set then 
combined together with RAID 0 for striping. This 
nested RAID allows for both the read and write 
performance of RAID 0, the increase in storage 
space from the same, along with the redundancy 
and backups from the RAID 1 mirroring. If one hard 
drive dies, it can easily be replaced in order to get 
the RAID array going again. 

This is the simplest way to both increase the 
storage capacity of one array, while also having a 
way of recovering from hard drive failure. However, 
it has the most inefficient use of the space 
compared to some of the higher RAID versions. 
Generally though, this setup can be quite good at 
home in desktops and even on home servers. 

[Figure: RAID 5 across Disk 0 to Disk 3 and RAID 6 across Disk 0 to Disk 4] 
■ The parity blocks are indicated by the subscript letters (p and q) in these 

Block-level striping 

The other two big RAID array types are RAID 
5 and RAID 6, which use block striping and advanced 
calculations to create backups and parity across 
drives, ultimately allowing you to use more of the data 
space across your hard drives. 

RAID 5 requires a minimum of three drives, with 
a maximum of 32 allowed in the array. What RAID 5 
does is have one drive in every stripe of data include a 
parity block - this block acts as a sort of backup and 
allows for calculations of whatever is missing if one of 
the drives dies. This parity block is distributed evenly 
across the different hard drives, which allows for 
quick read requests. 

RAID 6 requires a minimum of four disks and 
introduces the concept of parity striping: parity blocks 
are split up over two drives for increased security 
against hard drive failures. This comes at the expense 
of the extra storage you’d get in a RAID 5 array, and 
write speed does not increase over normal drives. 
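To make the RAID 5 parity block concrete, here is an added example (not from the article or from mdadm) that builds one stripe over four simulated disks, computes the parity block as the XOR of the data blocks, and rebuilds each disk in turn after wiping it. The block size, the sample data and the parity rotation in parity_disk() are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define NDISKS 4   /* three data blocks plus one parity block per stripe */
#define BLOCK  8   /* tiny block size so the sample stays readable */

/* Disk that holds the parity block of a given stripe. Rotating it is what
 * spreads parity evenly; this particular rotation is an assumption. */
int parity_disk(int stripe_no)
{
    return (NDISKS - 1) - (stripe_no % NDISKS);
}

/* XOR every block of the stripe except `skip` into stripe[skip]. The same
 * routine computes the parity block and rebuilds a lost block. */
void xor_into(unsigned char stripe[NDISKS][BLOCK], int skip)
{
    int disk, i;

    memset(stripe[skip], 0, BLOCK);
    for (disk = 0; disk < NDISKS; disk++) {
        if (disk == skip)
            continue;
        for (i = 0; i < BLOCK; i++)
            stripe[skip][i] ^= stripe[disk][i];
    }
}

/* Lay three data blocks out across the stripe and add the parity block. */
void make_stripe(int stripe_no, unsigned char data[NDISKS - 1][BLOCK],
                 unsigned char stripe[NDISKS][BLOCK])
{
    int p = parity_disk(stripe_no), d = 0, disk;

    for (disk = 0; disk < NDISKS; disk++)
        if (disk != p)
            memcpy(stripe[disk], data[d++], BLOCK);
    xor_into(stripe, p);
}

/* Fail each disk in turn, rebuild it from the survivors and count how
 * many times the rebuilt block matches what was there before. */
int recoverable_failures(void)
{
    /* Constructed sample data: 7 characters plus NUL fill each block. */
    unsigned char data[NDISKS - 1][BLOCK] = { "A1A1A1A", "A2A2A2A", "A3A3A3A" };
    unsigned char stripe[NDISKS][BLOCK], saved[BLOCK];
    int failed, ok = 0;

    for (failed = 0; failed < NDISKS; failed++) {
        make_stripe(1, data, stripe);
        memcpy(saved, stripe[failed], BLOCK);
        memset(stripe[failed], 0xFF, BLOCK);   /* simulate the dead drive */
        xor_into(stripe, failed);              /* rebuild from the others */
        if (memcmp(saved, stripe[failed], BLOCK) == 0)
            ok++;
    }
    return ok;
}

int main(void)
{
    printf("stripe 1 keeps its parity on disk %d\n", parity_disk(1));
    printf("single-disk failures recovered: %d of %d\n",
           recoverable_failures(), NDISKS);
    return 0;
}
```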


Other RAIDs 

There are other RAID levels, however these 
four and the combinations of them are the most 
common and useful out of them. RAID 2 and 3 can 
have excellent transfer rates but are optimised 
for one operation at a time, and cannot handle 
multiple requests very well - these kinds of arrays 
are recommended for video editors that require the 
reading and writing of large files often. 

You can also do more combinations as you see fit, 
using RAID 0 to join multiple RAID 5 or RAID 6 arrays 
together to create more space while still having 
a level of parity on each nested array. These can 
be used to get around hard drive limits in massive 
servers or virtual systems, along with RAID 100 that 
has you create RAID 0s with RAID 1+0 setups. While 
arrays like this do have backups and fail-safes, their 
general complexity makes them more difficult to maintain 
and repair in the long run. 

Hardware RAIDs 

A hardware RAID allows you to set up a RAID 
array on a hardware level, which then presents Linux 
with a single hard drive that it can use as normal. The 
RAID levels you can use depend on the RAID that your 
motherboard or RAID card support. Not all RAID cards 
have Linux drivers either, so you need to make sure 
you get the exact right card for the job. 


Setting up a RAID in this way is usually dependent 
on what kind of card or BIOS you’re using for it. You’ll 
need to first install the drives while the system is off 
though, and then look for a RAID setup utility during 
the POST part of when you turn the system on. Refer 
to the user manual for your mobo or card to find the 
exact steps to then set up each RAID type on the 
provided hard drives. 

Once that’s complete, all you’ll need to do is format 
the drive in Linux to use it as normal. 



Software RAID 

Setting up a software RAID is supported 
by Linux at the kernel level, and can allow for 
more flexibility depending on the hardware on the 
system as it supports all the above RAID types 
we’ve discussed without requiring any specific 
hardware (other than the space and slots to add 
enough hard drives). 

You’ll need to prepare your system for adding the 
RAID by checking if it first has the right modules in 
the kernel - you can check that by calling: 

| # cat /proc/mdstat 

If the file exists then you likely have the right modules 
installed (although doing a modprobe raid456 
wouldn’t hurt to make sure it’s loaded properly). 
You’ll also need to install mdadm, the multiple-disk 
administration tool: 

| # apt-get install mdadm 

You can use mdadm to not only create the software 
RAIDs, but also to manage them, redo them, rebuild 
them and even more advanced RAID tasks. 


Setting up a software RAID 

To set up a software RAID, you first need to 
make sure that all of your hard drives are installed 
into your system. For this example, we’re assuming 
you already have Linux set up on the device on a 
completely different hard drive, but you can use 
similar settings to create the RAID in a live disc 
before you install to it. Boot into Linux and open the 
terminal to begin. 

“Setting up a software RAID 
is supported by Linux at the 
kernel level, and can allow 
for more flexibility 

First of all, we need to figure out what the hard 
drives are called on our system, so use fdisk -l to 
get a list of their addresses (/dev/sdb, /dev/sdc, etc). 
Note them down and we can set up our RAIDs. 

| RAID 0: 
| # mdadm --create --verbose /dev/md0 --level=stripe --raid-devices=2 /dev/sdb1 /dev/sdc1 

| RAID 1: 
| # mdadm --create --verbose /dev/md0 --level=mirror --raid-devices=2 /dev/sdb1 /dev/sdc1 

| RAID 10: 
| # mdadm --create --verbose /dev/md0 --level=10 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1 

| RAID 5: 
| # mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/sdb1 /dev/sdc1 /dev/sdd1 

| RAID 6: 
| # mdadm --create --verbose /dev/md0 --level=6 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1 

Save and format 

Once you’re happy with the array (or arrays) 
you have created, you need to then save it. You can 
do this on an Ubuntu server by using: 

| # mdadm --detail --scan >> /etc/mdadm/mdadm.conf 

Or on most other distros with: 

| # mdadm --detail --scan >> /etc/mdadm.conf 

Run cat /proc/mdstat again to see which arrays 
are now listed in the file, and it should have the one 
you’ve just set up. If it’s there, all you now need to 
do is format to whatever filesystem you want using 
your command line or GUI tool of choice - as the 
kernel is handling the RAID communication, you 
won’t have to worry about erasing any information. 
Add it to /etc/fstab so it mounts at boot, and your 
RAID is complete! 

It's worth digging into the man page for mdadm to 
learn how you can use it to manage your RAID in the 
future, and keep it in top condition. 


JBOD 

A much simpler version of RAID is JBOD, 
or Just a Bunch Of Disks. These connect 
hard drives together to increase the 
storage capacity and split it across the 
drives. This way, if one drive dies then you 
only lose the files that are saved across 
them, but it will still work without needing 
a replacement. 
Built from Ruby, and originally for Rails, Capistrano 3 is 
a great fit for deploying other web platforms 


Capistrano’s flexibility and power can mean a lot of 
config, but it’s relatively straightforward 


Continuously deploy web 
apps with Capistrano 


Move your web apps’ development versions 
painlessly from staging and testing to 
deployment on databases and web servers 


Advisor 

Richard Smedley 

A Unix jack-of-all-trades, Richard 
doesn't spend enough time in any 
language to get truly proficient, 
but always has a shell open so 
learnt scripting by osmosis 


Resources 

Ruby >= 1.9 
(RBENV makes it easier) 

Git www.git-scm.com 

Capistrano 3 

Capistrano automates deploying web 
apps to your servers, taking care of 
tiresome tasks like running a series 
of remote commands on any box on 
which you have SSH access. Capistrano’s main 
recipe is deploy, containing tasks such as rollback, 
which consist of groups of commands. Servers 
are given roles: app - application servers, web - 
web servers, and db - database servers. Within 
this (expandable) framework, it’s easy to adjust 
Capistrano’s configuration files for your particular 
app and collection of servers. Basic set up is simple 
enough, but Capistrano 3 is a flexible framework and 
you will need to go a long way beyond this simple 
introduction if you want to begin to get the full use 
of it. 

We will need a recent Ruby, Git (plus a GitHub 
account) and a Rails project you’re working 
on. Also rbenv makes working with Rails easier, 
and capistrano-rbenv makes sure Capistrano 
uses the correct rbenv version of Ruby for 
deployment. It doesn’t matter whether you run 
Passenger, Unicorn or Puma as your app server, but 
note that there are Capistrano plugins to help with 
extra tasks on all of them. Search rubygems.org for 
the full choice. 
Install Capistrano 

Essentially, Capistrano copies your app from 
Git, over SSH, to your server and takes care of all of 
the operations you’d have to do if you were to move the 
files by hand. Capistrano will deal with any database 
migration, changes to files and file names, restarting 
the web server and so on. Installing Capistrano, and 
the extras package which is nice to have, is a simple: 

| gem install capistrano 

Any problems, check your Ruby installation. The 
capistrano-ext gem you may see referred to 
elsewhere is no longer essential, as features like 
extra staging options have been integrated into the 
main codebase. 



SSH Keys 

If you’ve been logging into your web server 
with an SSH password, it’s time to generate keys. This 
is so that the login can be automated for Capistrano 
(or any other scripts you want to use - it’s a good idea 
to do this on any server). You’ll also need it for your 
GitHub account if you are going to be setting one up. 
Start generating the keys with: 

| ssh-keygen -t rsa 

...if you’ve not got one already in ~/.ssh/ - and copy 
the ~/.ssh/id_rsa.pub to the server with: 

| ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-host 

...which works by substituting your username, and 
server name or address. 



On the server 

On your servers, you'll need a similar 
environment of rbenv, Git and your choice of Apache or 
Nginx. Use rbenv to grab the latest Ruby (or an earlier 
one if appropriate to your app): 

| rbenv install --list 
| rbenv install 2.1.3 

You won’t need unnecessary packages like Ruby 
documentation so when you come to install bundler, 
specify no docs: 

| gem install bundler --no-ri --no-rdoc 

Better yet, put: 

| gem: --no-rdoc --no-ri 

...in ~/.gemrc. You’ll also need to set up the database - 
or separate server - as required by your setup. A typical 
Rails use case is SQLite on the developer’s laptop and 
PostgreSQL on the production servers. 


Bundling gems 

For a Rails project, you can skip 
the install step and simply edit your Gemfile 
to include Capistrano and anything else you 
want. You’ll want more gems. In your 
project’s Gemfile: 

| gem 'capistrano', '~> 3.2.1' 
| gem 'capistrano-rails', '~> 1.1.2' 
| gem 'capistrano-bundler' 

| # if you are using RBENV 
| gem 'capistrano-rbenv', "~> 2.0" 

| # if you're using Unicorn app server 
| gem 'unicorn' 

| # Otherwise gem 'passenger' or 'puma' 

This will also integrate bundler with Capistrano; 
bundle install downloads the gems specified in 
your Gemfile and installs them. 

The ~> 3.2.1 means that while 3.2.2 will 
be installed when it’s released, 3.3.0 will not, 
to avoid major version changes breaking 
your code. 
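To see what each Gemfile line actually permits, this added example (not from the original article) parses the entries above with RubyGems' own `Gem::Requirement` and flags gems that carry no version bound at all. The helper names and the lists of published versions are constructed for illustration.

```ruby
require 'rubygems'

# Constructed sample: the Gemfile entries from this step.
GEMFILE = <<~'GEMS'
  gem 'capistrano', '~> 3.2.1'
  gem 'capistrano-rails', '~> 1.1.2'
  gem 'capistrano-bundler'
  # if you are using RBENV
  gem 'capistrano-rbenv', "~> 2.0"
  gem 'unicorn'
GEMS

VERSION_ARG = /['"]\s*((?:~>|>=|<=|!=|[<>=])?\s*\d[\w.]*)['"]/

# Parse `gem` lines with a regex instead of eval'ing the Gemfile.
# Returns { name => Gem::Requirement }; no constraint becomes ">= 0".
def parse_gemfile(text)
  text.each_line.with_object({}) do |line, gems|
    m = line.match(/^\s*gem\s+['"]([^'"]+)['"](.*)$/) or next
    constraints = m[2].scan(VERSION_ARG).flatten
    gems[m[1]] = Gem::Requirement.new(*constraints)
  end
end

# Highest version from `published` that the requirement would accept.
def best_match(requirement, published)
  published.map { |v| Gem::Version.new(v) }
           .select { |v| requirement.satisfied_by?(v) }
           .max
end

# Gems whose entry places no bound on what gets installed.
def unconstrained(gems)
  gems.select { |_, req| req.none? }.keys
end

if __FILE__ == $PROGRAM_NAME
  gems = parse_gemfile(GEMFILE)
  # Constructed version list, not the gem's real release history.
  puts best_match(gems['capistrano'], %w[3.2.0 3.2.2 3.3.0 4.0.0])
  puts "no version bound: #{unconstrained(gems).join(', ')}"
end
```

Bundler records the exact versions it resolved in Gemfile.lock, so committing that file keeps every deploy on the versions you tested, including for the unconstrained gems.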
Config/deploy 

bundle exec cap install creates 
the necessary config files and directories. It is in 
these that we specify the actions that Capistrano 
takes to deploy our app to staging or to our 
production servers. 

Note that staging and production are created 
by default with files under config/deploy, and you 
can add a qa.rb file to that subdir if you wish to add 
a third stage. Alternatively, you can create all the 
extra stages at installation time: 

| cap install STAGES=staging,production,ci,qa 


[Screenshot: deploy.rb open in a text editor, with tabs for Capfile and production.rb] 





Config 

The last step created the Capfile, tasks 
under lib/capistrano and deployed files under config/. 
Start with editing the Capfile by uncommenting 
the lines: 

| require 'capistrano/rbenv' 
| require 'capistrano/bundler' 
| require 'capistrano/rails/migrations' 

...and make sure that the line starting Dir.glob at 
the end of the above screenshot is present and 
uncommented. This line ensures that all of the RB 
files below lib/capistrano get loaded, including any 
custom tasks in lib/capistrano/tasks that you’ll want 
to later define. 



Secrets 

Remember that everything in our app is 
being shared with the team and anyone else who 
has access to our Git repository, including exposed 
passwords. Edit your .gitignore file to add this line: 


| /config/database.yml 


Now you can edit /config/database.yml for 
your database locally and in your staging and 
production environments. 

Restart your Rails server and check it’s working 
properly at http://localhost:3000 


Prepare to deploy 

In deploy.rb, ahead of namespace :deploy, 
you should add some lines relevant to your project: 

| require "bundler/capistrano" 

| server "37.59.xx.xx", :web, :app, :db, primary: true 

| set :application, "myblog" 
| set :user, "richard" 
| set :deploy_to, "/var/www/#{fetch(:application)}" 

| # set :deploy_via, :remote_cache 
| # set :use_sudo, false 
| ## repo details 

| set :repository, "git@github.com:jsmith/myblog.git" 
| set :branch, "master" 

| default_run_options[:pty] = true 
| # forward the local SSH agent so the server can fetch from GitHub with your key 
| ssh_options[:forward_agent] = true 
| # number of old releases kept on the server 
| set :keep_releases, 5 


Note that here we’re deploying to just one server. 
You might also want to add some specifics for your 
Ruby environment: 
| set :rbenv_type, :system # or :user 
| set :rbenv_ruby, "2.1.2" 
| set :rbenv_prefix, "RBENV_ROOT=#{fetch(:rbenv_path)} RBENV_VERSION=#{fetch(:rbenv_ruby)} #{fetch(:rbenv_path)}/bin/rbenv exec" 
| set :rbenv_map_bins, %w{rake gem bundle ruby rails} 



09 Test and prepare 

Setting tests will halt the deployment should 


| # tests under lib/capistrano/tasks/run_tests.cap 
| set :tests, [] 


Now edit the set :server_name and server lines 
in config/deploy/production.rb to your server’s 
domain name. 

We’re about ready to deploy now. You could add 
a task deploy:setup_config to install the server 
software, and that would be desirable with a 
multiserver setup - but we’re keeping things simple 
in this introduction, hence the earlier manual set up of 
the server. 


Deploy 

Now for deployment. Our config wound up 
the spring; to set the clockwork in motion we: 


cap production deploy 


For that to work first time, you’ll have had to have 
done a bit of work on the config - beyond what we’ve 
specifically outlined in the case of many setups. 
Capistrano is designed to expand and stretch to 
cover all sorts of circumstances, and your app and 
server setup won’t be exactly the same as anyone 
else’s. Although, that said, if you deploy to a large 
cloud provider then they may have Capistrano 
example configs you can copy. 

Capistrano’s modularity and flexibility means 
there’s a lot to explore to get it doing what you need. It 
is essentially a utility for running tasks, in parallel, 
across remote servers... 


Parallel lines 

With the simple on/in/do syntax of the Rake- 
derived DSL, flexible splitting of tasks across servers 
is easy. For example, to run something on every server 
at once: 

| on :all, in: :parallel do 
|   # parallel task here 
| end 

Getting your servers to start a task in sequence, 
perhaps to avoid hitting a shared database, involves 
defining sequence and then: 

| on :all, in: :sequence, wait: 15 do 
|   # sequential code here 
| end 

For a rolling restart of a large cluster, you can group 
servers together to go in parallel: 

| on :all, in: :groups, limit: 3, wait: 5 do 
|   # Your rolling restart... 
| end 

You can see the parallel execution of code for different 
groups of servers in the Capistrano developers’ 
example over at bit.ly/IFuodCh (under ‘Parallelism’), 
developed specifically to replace the previous version’s 
more hacky parallel do |session|. 
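The following plain-Ruby model is an added example, not Capistrano's or SSHKit's own code: it works out which hosts run together, and when each batch starts, under the three strategies above. The host names, the `plan` and `max_concurrent` helpers, the default values and the fixed per-host `duration` are assumptions of the model.

```ruby
# Constructed host list; the names are placeholders.
HOSTS = %w[web1 web2 web3 web4 web5 web6 web7].freeze

# Model of `on hosts, in: <strategy>, limit:, wait:`.
# Returns [[start_offset_seconds, [hosts...]], ...], assuming every host
# needs `duration` seconds to finish the block (an assumption of this model;
# the defaults below are the model's, not a statement about SSHKit's).
def plan(hosts, strategy, limit: 2, wait: 2, duration: 10)
  batches =
    case strategy
    when :parallel then [hosts]                       # everything at once
    when :sequence then hosts.each_slice(1).to_a      # one host at a time
    when :groups   then hosts.each_slice(limit).to_a  # `limit` hosts at a time
    else raise ArgumentError, "unknown strategy #{strategy.inspect}"
    end
  # Each batch starts once the previous one has finished and `wait` has passed.
  batches.each_with_index.map { |batch, i| [i * (duration + wait), batch] }
end

# Largest number of hosts inside the block at the same moment, i.e. how
# much of the cluster a restart takes out of service at once.
def max_concurrent(schedule)
  schedule.map { |_, batch| batch.size }.max.to_i
end

if __FILE__ == $PROGRAM_NAME
  plan(HOSTS, :groups, limit: 3, wait: 5).each do |offset, batch|
    puts format('t+%3ds  %s', offset, batch.join(' '))
  end
end
```

With seven hosts, `in: :groups, limit: 3` never touches more than three at once, whereas `in: :parallel` restarts all seven together.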

Off the Rails 

There’s plenty of documentation available to 
go beyond our simple introduction. The Capistrano 
website (http://capistranorb.com) should be your 
first port of call, but you’ll find docs elsewhere for 
integrating Capistrano with everything from Jenkins 
to AngularJS - just make sure that you’re reading 
something updated for Capistrano 3. Integrating 
Capistrano’s scripts for continuous deployment into 
a larger environment of a continuous integration 
server like Jenkins is easy enough - a job in Jenkins, 
for example, has cap deploy as its build step (and 
your Git repository as its URL). 

Away from Rails, gems exist to ease deployment 
for most web platforms, from Sinatra to Django. 
For Drupal (with Drush and the CapDrupal gem) you 
can automate taking the site offline, backing up the 
database, cloning your new code and pointing site 
root there, updating the database, and putting the 
site back online as well as the advantages of cap 
deploy:rollback. 



SSHKit 

The Capistrano 3 development process gave 
birth to the SSHKit library developed by Lee 
Hambley - who did much of the great work of 
making Capistrano 3 such an improvement over 
an already pretty useful piece of code. 

SSHKit is a lower level toolkit that Capistrano 
uses for everything such as logging, formatting, 
connection management and pooling, 
parallelism, and batch execution. You too can 
use it for running commands in a structured way 
on one or more servers. 

Within Capistrano, you’ll find SSHKit called upon 
most of the time you use on(). To use it yourself, 
start with some of the examples on the GitHub 
page and adapt for your site. 

Here SSHKit will build a path from the 
nested directories: 

on hosts do 
  within "/var" do 
    puts capture(:pwd) 
    within :log do 
      puts capture(:pwd) 
    end 
  end 
end 

Behind the scenes File.join() is taking care of 
the slashes for you to build the paths and it 
should return: 


/var/ 

/var/log 